Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-10 | CVE-2022-0516 | A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. | Debian_linux, Fedora, Linux_kernel, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Virtualization_host | 7.8 | ||
| 2019-10-16 | CVE-2019-2996 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update,... | E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_unified_manager, E\-Series_santricity_web_services_proxy, Oncommand_workflow_automation, Snapmanager, Jdk, Jre, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 4.2 | ||
| 2019-10-16 | CVE-2019-2999 | Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this... | Ubuntu_linux, Debian_linux, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_unified_manager, E\-Series_santricity_web_services_proxy, Oncommand_workflow_automation, Snapmanager, Leap, Jdk, Jre, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite | 4.7 | ||
| 2021-03-23 | CVE-2021-3409 | The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. | Debian_linux, Fedora, Qemu, Enterprise_linux | 5.7 | ||
| 2021-05-26 | CVE-2021-3527 | A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on... | Debian_linux, Qemu, Enterprise_linux | 5.5 | ||
| 2022-04-18 | CVE-2021-42778 | A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. | Fedora, Opensc, Enterprise_linux | 5.3 | ||
| 2020-12-03 | CVE-2020-27778 | A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. | Debian_linux, Poppler, Enterprise_linux | 7.5 | ||
| 2021-04-19 | CVE-2021-3497 | GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. | Debian_linux, Gstreamer, Enterprise_linux | 7.8 | ||
| 2022-01-25 | CVE-2021-4145 | A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. | Qemu, Enterprise_linux | 6.5 | ||
| 2022-08-31 | CVE-2022-1263 | A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. | Linux_kernel, Enterprise_linux | 5.5 |