Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-02-18 | CVE-2021-3657 | A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. | Debian_linux, Fedora, Isync, Enterprise_linux | 9.8 | ||
| 2022-06-30 | CVE-2022-1852 | A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. | Linux_kernel, Enterprise_linux | 5.5 | ||
| 2022-06-30 | CVE-2022-2078 | A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. | Debian_linux, Linux_kernel, Enterprise_linux, Virtualization | 5.5 | ||
| 2022-02-18 | CVE-2021-3930 | An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. | Debian_linux, Qemu, Codeready_linux_builder, Codeready_linux_builder_for_ibm_z_systems, Codeready_linux_builder_for_power_little_endian, Enterprise_linux, Enterprise_linux_advanced_virtualization_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Openstack | 6.5 | ||
| 2018-10-23 | CVE-2018-18584 | In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. | Cabextract, Ubuntu_linux, Debian_linux, Libmspack, Enterprise_linux, Starwind_virtual_san, Linux_enterprise_server | 6.5 | ||
| 2020-12-02 | CVE-2020-25656 | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. | Debian_linux, Linux_kernel, Enterprise_linux, Starwind_virtual_san | 4.1 | ||
| 2021-05-27 | CVE-2021-30501 | An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file. | Fedora, Enterprise_linux, Upx | 5.5 | ||
| 2021-04-19 | CVE-2021-3498 | GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. | Debian_linux, Gstreamer, Enterprise_linux | 7.8 | ||
| 2022-03-03 | CVE-2021-3602 | An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials). | Buildah, Enterprise_linux, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian | 5.5 | ||
| 2021-05-28 | CVE-2021-20201 | A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. | Enterprise_linux, Spice | 5.3 |