Enterprise_linux - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Enterprise_linux
(Redhat)

Repositories

• https://github.com/torvalds/linux
• https://github.com/Perl/perl5
• https://github.com/ceph/ceph
• https://github.com/ClusterLabs/pcs
• https://github.com/mjg59/linux

• https://github.com/opencontainers/runc
• https://github.com/bonzini/qemu
• https://github.com/apache/httpd
• https://github.com/codehaus-plexus/plexus-archiver
• https://github.com/openssh/openssh-portable
• https://github.com/kyz/libmspack
• https://github.com/git/git
• https://github.com/mysql/mysql-server
• https://github.com/neomutt/neomutt
• https://github.com/php/php-src
• https://github.com/vadz/libtiff
• https://github.com/numpy/numpy
• https://github.com/bagder/curl
• https://github.com/ClusterLabs/pacemaker
• https://github.com/hercules-team/augeas

#Vulnerabilities

1647

Date	Id	Summary	Products	Score	Patch	Annotated
2022-08-29	CVE-2022-1199	A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.	Linux_kernel, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Enterprise_linux	7.5
2022-08-25	CVE-2021-35937	A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	Fedora, Enterprise_linux, Rpm	6.4
2022-08-31	CVE-2022-2132	A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.	Debian_linux, Data_plane_development_kit, Fedora, Enterprise_linux, Enterprise_linux_fast_datapath, Openshift_container_platform, Openstack_platform, Virtualization	8.6
2022-09-09	CVE-2022-2905	An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.	Debian_linux, Linux_kernel, Enterprise_linux	5.5
2022-11-08	CVE-2022-3821	An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.	Fedora, Enterprise_linux, Systemd	5.5
2022-11-22	CVE-2022-3500	A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.	Fedora, Keylime, Enterprise_linux	5.1
2022-11-29	CVE-2022-4144	An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.	Extra_packages_for_enterprise_linux, Fedora, Qemu, Enterprise_linux	6.5
2023-01-27	CVE-2022-4285	An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.	Fedora, Binutils, Enterprise_linux	5.5
2023-02-02	CVE-2022-3560	A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.	Fedora, Pesign, Enterprise_linux	5.5
2023-02-15	CVE-2023-0361	A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data...	Debian_linux, Fedora, Gnutls, Active_iq_unified_manager, Converged_systems_advisor_agent, Ontap_select_deploy_administration_utility, Enterprise_linux	7.4