Product:

Enterprise_linux

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/Perl/perl5
https://github.com/ceph/ceph
https://github.com/ClusterLabs/pcs
https://github.com/mjg59/linux
#Vulnerabilities 1637
Date Id Summary Products Score Patch Annotated
2021-03-04 CVE-2020-25639 A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. Fedora, Linux_kernel, Enterprise_linux, Messaging_realtime_grid, Openshift_container_platform 4.4
2021-03-09 CVE-2020-35521 A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. Fedora, Libtiff, Ontap_select_deploy_administration_utility, Enterprise_linux 5.5
2021-03-09 CVE-2020-35522 In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. Fedora, Libtiff, Ontap_select_deploy_administration_utility, Enterprise_linux 5.5
2021-03-09 CVE-2020-35523 An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Debian_linux, Libtiff, Ontap_select_deploy_administration_utility, Enterprise_linux 7.8
2021-03-09 CVE-2020-35524 A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Debian_linux, Fedora, Libtiff, Ontap_select_deploy_administration_utility, Enterprise_linux 7.8
2021-03-12 CVE-2021-20231 A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. Fedora, Gnutls, Active_iq_unified_manager, E\-Series_performance_analyzer, Enterprise_linux 9.8
2021-03-12 CVE-2021-20232 A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. Fedora, Gnutls, Enterprise_linux 9.8
2021-03-15 CVE-2021-20179 A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. Dogtagpki, Fedora, Certificate_system, Enterprise_linux 8.1
2021-04-01 CVE-2021-20291 A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using... Fedora, Enterprise_linux, Openshift_container_platform, Storage 6.5
2021-04-05 CVE-2021-20305 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. Debian_linux, Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Nettle, Enterprise_linux 8.1