Enterprise_linux - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Enterprise_linux
(Redhat)

Repositories

• https://github.com/torvalds/linux
• https://github.com/Perl/perl5
• https://github.com/ceph/ceph
• https://github.com/ClusterLabs/pcs
• https://github.com/mjg59/linux

• https://github.com/opencontainers/runc
• https://github.com/bonzini/qemu
• https://github.com/apache/httpd
• https://github.com/codehaus-plexus/plexus-archiver
• https://github.com/openssh/openssh-portable
• https://github.com/kyz/libmspack
• https://github.com/git/git
• https://github.com/mysql/mysql-server
• https://github.com/neomutt/neomutt
• https://github.com/php/php-src
• https://github.com/vadz/libtiff
• https://github.com/numpy/numpy
• https://github.com/bagder/curl
• https://github.com/ClusterLabs/pacemaker
• https://github.com/hercules-team/augeas

#Vulnerabilities

1650

Date	Id	Summary	Products	Score	Patch	Annotated
2021-03-09	CVE-2020-35524	A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.	Debian_linux, Fedora, Libtiff, Ontap_select_deploy_administration_utility, Enterprise_linux	7.8
2021-03-12	CVE-2021-20231	A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.	Fedora, Gnutls, Active_iq_unified_manager, E\-Series_performance_analyzer, Enterprise_linux	9.8
2021-03-12	CVE-2021-20232	A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.	Fedora, Gnutls, Enterprise_linux	9.8
2021-03-15	CVE-2021-20179	A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.	Dogtagpki, Fedora, Certificate_system, Enterprise_linux	8.1
2021-04-01	CVE-2021-20291	A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using...	Fedora, Enterprise_linux, Openshift_container_platform, Storage	6.5
2021-04-05	CVE-2021-20305	A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.	Debian_linux, Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Nettle, Enterprise_linux	8.1
2021-04-08	CVE-2021-3448	A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.	Fedora, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_linux, Dnsmasq	4.0
2021-04-08	CVE-2021-3482	A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.	Debian_linux, Exiv2, Fedora, Enterprise_linux	6.5
2021-04-19	CVE-2021-3505	A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.	Fedora, Libtpms, Enterprise_linux	5.5
2021-04-19	CVE-2021-20208	A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.	Fedora, Enterprise_linux, Cifs\-Utils	6.1