Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-28 | CVE-2023-3138 | A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for... | Enterprise_linux, Libx11 | 7.5 | ||
| 2022-03-03 | CVE-2022-0492 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, H300e, H300s, H410c, H410s, H500e, H500s, H700e, H700s, Hci_compute_node, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Codeready_linux_builder, Codeready_linux_builder_for_power_little_endian, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Virtualization_host | 7.8 | ||
| 2023-06-06 | CVE-2023-2602 | A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. | Debian_linux, Fedora, Libcap, Enterprise_linux | 3.3 | ||
| 2021-03-18 | CVE-2020-27827 | A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | Fedora, Lldpd, Openvswitch, Enterprise_linux, Openshift_container_platform, Openstack, Virtualization, Simatic_hmi_unified_comfort_panels_firmware, Simatic_net_cp_1243\-1_firmware, Simatic_net_cp_1243\-8_irc_firmware, Simatic_net_cp_1542sp\-1_firmware, Simatic_net_cp_1542sp\-1_irc_firmware, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1543sp\-1_firmware, Simatic_net_cp_1545\-1_firmware, Sinumerik_one_firmware, Tim_1531_irc_firmware | 7.5 | ||
| 2021-03-25 | CVE-2021-3466 | A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. | Fedora, Libmicrohttpd, Enterprise_linux | 9.8 | ||
| 2022-01-20 | CVE-2021-45417 | AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. | Advanced_intrusion_detection_environment, Ubuntu_linux, Debian_linux, Fedora, Enterprise_linux, Ovirt\-Node, Virtualization_host | 7.8 | ||
| 2022-12-19 | CVE-2022-3775 | When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. | Grub2, Enterprise_linux | 7.1 | ||
| 2023-04-25 | CVE-2023-30549 | Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for... | Apptainer, Enterprise_linux, Singularity | 7.8 | ||
| 2023-09-30 | CVE-2023-44488 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | Debian_linux, Fedora, Enterprise_linux, Libvpx | 7.5 | ||
| 2023-11-09 | CVE-2023-5544 | Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | Fedora, Moodle, Enterprise_linux | 5.4 |