Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-05-18 | CVE-2022-30596 | A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. | Fedora, Moodle, Enterprise_linux | 5.4 | ||
| 2022-05-18 | CVE-2022-30597 | A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. | Fedora, Moodle, Enterprise_linux | 5.3 | ||
| 2022-05-18 | CVE-2022-30598 | A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. | Fedora, Moodle, Enterprise_linux | 4.3 | ||
| 2022-05-18 | CVE-2022-30599 | A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. | Fedora, Moodle, Enterprise_linux | 9.8 | ||
| 2022-05-18 | CVE-2022-30600 | A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. | Fedora, Moodle, Enterprise_linux | 9.8 | ||
| 2022-06-02 | CVE-2022-1462 | An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. | Debian_linux, Linux_kernel, Enterprise_linux | 6.3 | ||
| 2022-06-02 | CVE-2022-1789 | With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. | Debian_linux, Fedora, Linux_kernel, Enterprise_linux | 6.8 | ||
| 2022-06-07 | CVE-2022-1708 | A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when... | Fedora, Cri\-O, Enterprise_linux, Openshift_container_platform | 7.5 | ||
| 2022-06-09 | CVE-2022-1998 | A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | Fedora, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Enterprise_linux | 7.8 | ||
| 2022-06-16 | CVE-2022-32545 | A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux | 7.8 |