Enterprise_linux - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Enterprise_linux
(Redhat)

Repositories

• https://github.com/torvalds/linux
• https://github.com/Perl/perl5
• https://github.com/ceph/ceph
• https://github.com/ClusterLabs/pcs
• https://github.com/mjg59/linux

• https://github.com/apache/httpd
• https://github.com/opencontainers/runc
• https://github.com/bonzini/qemu
• https://github.com/codehaus-plexus/plexus-archiver
• https://github.com/openssh/openssh-portable
• https://github.com/kyz/libmspack
• https://github.com/git/git
• https://github.com/mysql/mysql-server
• https://github.com/neomutt/neomutt
• https://github.com/php/php-src
• https://github.com/vadz/libtiff
• https://github.com/numpy/numpy
• https://github.com/bagder/curl
• https://github.com/ClusterLabs/pacemaker
• https://github.com/hercules-team/augeas

#Vulnerabilities

1661

Date	Id	Summary	Products	Score	Patch	Annotated
2022-07-14	CVE-2022-2393	A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.	Pki\-Core, Certificate_system, Enterprise_linux	5.7
2022-07-25	CVE-2022-35651	A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.	Fedora, Moodle, Enterprise_linux	6.1
2022-07-25	CVE-2022-35653	A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not...	Fedora, Moodle, Enterprise_linux	6.1
2022-08-26	CVE-2022-34303	A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.	Uefi_bootloader, Windows_10, Windows_11, Windows_8\.1, Windows_rt_8\.1, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Enterprise_linux	6.7
2022-08-26	CVE-2022-34302	A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.	Uefi_bootloader, Windows_10, Windows_11, Windows_8\.1, Windows_rt_8\.1, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Enterprise_linux	6.7
2022-08-26	CVE-2022-34301	A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.	Cryptopro_securedisk_for_bitlocker, Windows_10, Windows_11, Windows_8\.1, Windows_rt_8\.1, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Enterprise_linux	6.7
2022-08-01	CVE-2022-2509	A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.	Debian_linux, Fedora, Gnutls, Enterprise_linux	7.5
2022-08-05	CVE-2022-1158	A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.	Fedora, Linux_kernel, Enterprise_linux	7.8
2022-08-17	CVE-2020-14394	An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.	Extra_packages_for_enterprise_linux, Fedora, Qemu, Enterprise_linux, Openstack_platform	3.2
2022-08-18	CVE-2022-2625	A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.	Fedora, Postgresql, Enterprise_linux	8.0