Product:

Enterprise_linux

(Redhat)
Date Id Summary Products Score Patch Annotated
2022-04-08 CVE-2022-28796 jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Fedora, Linux_kernel, Active_iq_unified_manager, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Enterprise_linux 7.0
2018-12-18 CVE-2018-16884 A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux, Enterprise_mrg 8.0
2019-05-07 CVE-2019-11811 An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. Linux_kernel, Leap, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 7.0
2023-03-27 CVE-2023-0179 A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Ubuntu_linux, Fedora, Linux_kernel, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_server, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.8
2022-03-23 CVE-2022-0996 A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. Fedora, 389_directory_server, Enterprise_linux 6.5
2022-06-02 CVE-2022-1949 An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. Fedora, 389\-Ds\-Base, Directory_server, Enterprise_linux 7.5
2018-07-25 CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. Plexus\-Archiver, Debian_linux, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_workstation 5.5
2023-05-30 CVE-2023-2953 A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Macos, Active_iq_unified_manager, Clustered_data_ontap, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Ontap_tools, Openldap, Enterprise_linux 7.5
2021-05-28 CVE-2021-20292 There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Debian_linux, Fedora, Linux_kernel, Enterprise_linux 6.7
2022-06-07 CVE-2022-1708 A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when... Fedora, Cri\-O, Enterprise_linux, Openshift_container_platform 7.5