Product:

Enterprise_linux

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/Perl/perl5
https://github.com/ceph/ceph
https://github.com/ClusterLabs/pcs
https://github.com/mjg59/linux
#Vulnerabilities 1647
Date Id Summary Products Score Patch Annotated
2022-05-18 CVE-2022-30599 A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Fedora, Moodle, Enterprise_linux 9.8
2022-05-18 CVE-2022-30600 A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Fedora, Moodle, Enterprise_linux 9.8
2022-06-02 CVE-2022-1789 With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. Debian_linux, Fedora, Linux_kernel, Enterprise_linux 6.8
2022-07-25 CVE-2022-35651 A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. Fedora, Moodle, Enterprise_linux 6.1
2022-07-25 CVE-2022-35653 A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not... Fedora, Moodle, Enterprise_linux 6.1
2022-08-01 CVE-2022-2509 A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. Debian_linux, Fedora, Gnutls, Enterprise_linux 7.5
2022-08-22 CVE-2021-3659 A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. Fedora, Linux_kernel, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Virtualization_host 5.5
2022-08-17 CVE-2020-14394 An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. Extra_packages_for_enterprise_linux, Fedora, Qemu, Enterprise_linux, Openstack_platform 3.2
2022-08-22 CVE-2022-2873 An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. Debian_linux, Fedora, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Enterprise_linux 5.5
2022-08-23 CVE-2021-3839 A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability. Data_plane_development_kit, Fedora, Enterprise_linux, Enterprise_linux_fast_datapath 7.5