Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-03-09 | CVE-2021-20245 | A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | Debian_linux, Fedora, Imagemagick, Enterprise_linux | 5.5 | ||
2021-03-09 | CVE-2021-20246 | A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | Debian_linux, Fedora, Imagemagick, Enterprise_linux | 5.5 | ||
2022-06-16 | CVE-2022-32546 | A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux | 7.8 | ||
2022-06-16 | CVE-2022-32545 | A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux | 7.8 | ||
2022-06-16 | CVE-2022-32547 | In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. | Fedora, Imagemagick, Enterprise_linux | 7.8 | ||
2022-10-14 | CVE-2022-2850 | A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. | Debian_linux, Fedora, 389\-Ds\-Base, Directory_server, Enterprise_linux | 6.5 | ||
2020-10-06 | CVE-2020-25643 | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Debian_linux, Linux_kernel, H410c_firmware, Leap, Enterprise_linux, Starwind_virtual_san | 7.2 | ||
2020-12-11 | CVE-2020-27786 | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | Linux_kernel, Cloud_backup, Solidfire_baseboard_management_controller, Enterprise_linux, Enterprise_mrg, Openshift_container_platform | 7.8 | ||
2021-09-29 | CVE-2021-3653 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of... | Debian_linux, Linux_kernel, Enterprise_linux | 8.8 | ||
2022-06-09 | CVE-2022-1998 | A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | Fedora, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Enterprise_linux | 7.8 |