Enterprise Linux Security Vulnerabilities and Issues — Enterprise Linux CVE List

Lucene search

RedhatEnterprise Linux

10 matches found

CVE•added 2021/04/08 11:15 p.m.•1633 views

CVE-2021-3448

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID...

4.3CVSS4.1AI score0.00042EPSS

CVE•added 2021/04/05 10:15 p.m.•602 views

CVE-2021-20305

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw all...

8.1CVSS6.7AI score0.0008EPSS

CVE•added 2021/04/01 2:15 p.m.•424 views

CVE-2021-3393

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An ...

4.3CVSS4.2AI score0.00091EPSS

CVE•added 2021/04/01 6:15 p.m.•287 views

CVE-2021-20291

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinite...

7.1CVSS6.5AI score0.00111EPSS

CVE•added 2021/04/19 9:15 p.m.•257 views

CVE-2021-3497

GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

7.8CVSS7.6AI score0.00199EPSS

CVE•added 2021/04/19 9:15 p.m.•243 views

CVE-2021-3498

GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

7.8CVSS7.8AI score0.00231EPSS

CVE•added 2021/04/19 10:15 p.m.•239 views

CVE-2021-20208

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

6.1CVSS6.1AI score0.00237EPSS

CVE•added 2021/04/26 3:15 p.m.•236 views

CVE-2021-3472

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.3AI score0.00093EPSS

CVE•added 2021/04/08 11:15 p.m.•216 views

CVE-2021-3482

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

6.5CVSS6.6AI score0.00202EPSS

CVE•added 2021/04/19 9:15 p.m.•83 views

CVE-2021-3505

A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threa...

5.5CVSS5.2AI score0.00126EPSS