Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-11 | CVE-2017-5464 | During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | Debian_linux, Firefox, Thunderbird, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | 9.8 | ||
| 2018-06-11 | CVE-2017-5465 | An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | 9.1 | ||
| 2018-06-11 | CVE-2017-5469 | Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | 9.8 | ||
| 2018-06-11 | CVE-2017-7786 | A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | 9.8 | ||
| 2019-02-04 | CVE-2019-7317 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | Ubuntu_linux, Debian_linux, Xp7_command_view, Xp7_command_view_advanced_edition_suite, Libpng, Firefox, Thunderbird, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management, E\-Series_santricity_storage_manager, E\-Series_santricity_unified_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Snapmanager, Steelstore, Leap, Package_hub, Hyperion_infrastructure_technology, Java_se, Jdk, Mysql, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_scientific_computing, Enterprise_linux_workstation, Satellite | 5.3 | ||
| 2024-02-09 | CVE-2024-0229 | An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. | Fedora, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_eus, Enterprise_linux_tus, Enterprise_linux_update_services_for_sap_solutions, X_server, Xwayland | 7.8 | ||
| 2024-01-28 | CVE-2024-0841 | A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | Linux_kernel, Enterprise_linux | 7.8 | ||
| 2024-01-17 | CVE-2024-0646 | An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system. | Linux_kernel, Enterprise_linux | 7.8 | ||
| 2024-01-30 | CVE-2024-0564 | A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are... | Linux_kernel, Enterprise_linux | 6.5 | ||
| 2024-02-12 | CVE-2024-1454 | The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management... | Fedora, Opensc, Enterprise_linux | 3.4 |