Product:

Enterprise_linux

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/Perl/perl5
https://github.com/ceph/ceph
https://github.com/ClusterLabs/pcs
https://github.com/mjg59/linux
#Vulnerabilities 1661
Date Id Summary Products Score Patch Annotated
2022-08-29 CVE-2022-0851 There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This... Convert2rhel, Enterprise_linux 5.5
2022-08-29 CVE-2022-0852 There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs... Convert2rhel, Enterprise_linux 5.5
2022-08-29 CVE-2022-0934 A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. Enterprise_linux, Dnsmasq 7.5
2022-08-29 CVE-2022-1016 A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. Linux_kernel, Enterprise_linux 5.5
2022-08-29 CVE-2022-1198 A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. Linux_kernel, Enterprise_linux 5.5
2022-08-29 CVE-2022-1199 A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. Linux_kernel, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Enterprise_linux 7.5
2022-08-31 CVE-2022-1247 An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero. Fedora, Linux_kernel, Enterprise_linux 7.0
2022-08-31 CVE-2022-1263 A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. Linux_kernel, Enterprise_linux 5.5
2022-08-31 CVE-2022-1354 A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. Debian_linux, Fedora, Libtiff, Ontap_select_deploy_administration_utility, Enterprise_linux 5.5
2022-08-31 CVE-2022-1355 A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. Debian_linux, Fedora, Libtiff, Ontap_select_deploy_administration_utility, Enterprise_linux 6.1