Product:

Enterprise_linux

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/Perl/perl5
https://github.com/ceph/ceph
https://github.com/ClusterLabs/pcs
https://github.com/mjg59/linux
#Vulnerabilities 1661
Date Id Summary Products Score Patch Annotated
2021-05-28 CVE-2021-20201 A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. Enterprise_linux, Spice 5.3
2021-05-28 CVE-2021-20236 A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Fedora, Ceph_storage, Enterprise_linux, Zeromq 9.8
2021-05-28 CVE-2021-20239 A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. Fedora, Linux_kernel, Enterprise_linux 3.3
2021-05-28 CVE-2021-20292 There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Debian_linux, Fedora, Linux_kernel, Enterprise_linux 6.7
2021-06-01 CVE-2021-32027 A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Postgresql, Enterprise_linux, Jboss_enterprise_application_platform, Software_collections 8.8
2021-06-01 CVE-2021-3516 There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. Debian_linux, Fedora, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Ontap_select_deploy_administration_utility, Zfs_storage_appliance_kit, Enterprise_linux, Jboss_core_services, Xmllint 7.8
2021-06-01 CVE-2021-3543 A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system. Fedora, Nitro_enclaves, Enterprise_linux 6.7
2021-06-03 CVE-2021-3569 A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability. Libtpms, Enterprise_linux 5.5
2021-06-04 CVE-2021-3565 A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. Fedora, Enterprise_linux, Tpm2\-Tools 5.9
2021-06-09 CVE-2021-0129 Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Bluez, Debian_linux, Enterprise_linux 5.7