Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-14 | CVE-2022-2850 | A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. | Debian_linux, Fedora, 389\-Ds\-Base, Directory_server, Enterprise_linux | 6.5 | ||
| 2022-10-14 | CVE-2022-2963 | A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. | Fedora, Jasper, Enterprise_linux | 7.5 | ||
| 2022-11-08 | CVE-2022-3821 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | Fedora, Enterprise_linux, Systemd | 5.5 | ||
| 2022-11-22 | CVE-2022-3500 | A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. | Fedora, Keylime, Enterprise_linux | 5.1 | ||
| 2022-11-29 | CVE-2022-4144 | An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. | Extra_packages_for_enterprise_linux, Fedora, Qemu, Enterprise_linux | 6.5 | ||
| 2022-12-14 | CVE-2022-4283 | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | Debian_linux, Fedora, Enterprise_linux, Xorg\-Server | 7.8 | ||
| 2022-12-19 | CVE-2022-3775 | When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. | Grub2, Enterprise_linux | 7.1 | ||
| 2023-01-05 | CVE-2022-3715 | A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. | Bash, Enterprise_linux | 7.8 | ||
| 2023-01-12 | CVE-2022-4743 | A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. | Simple_directmedia_layer, Enterprise_linux | 7.5 | ||
| 2023-01-27 | CVE-2022-4285 | An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | Fedora, Binutils, Enterprise_linux | 5.5 |