Product:

Enterprise_linux_desktop

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/krb5/krb5
https://github.com/ceph/ceph
https://github.com/libarchive/libarchive
https://github.com/kyz/libmspack
https://github.com/LibRaw/LibRaw
https://github.com/rubygems/rubygems
https://github.com/madler/zlib
https://github.com/the-tcpdump-group/tcpdump
https://github.com/fedora-selinux/setroubleshoot
https://github.com/mdadams/jasper
https://github.com/ntp-project/ntp
https://github.com/neomutt/neomutt
https://github.com/mm2/Little-CMS
https://github.com/openbsd/src
https://github.com/abrt/abrt
https://github.com/mysql/mysql-server
• git://git.openssl.org/openssl.git
https://github.com/dajobe/raptor
https://github.com/qos-ch/slf4j
https://github.com/uclouvain/openjpeg
https://github.com/SELinuxProject/selinux
https://github.com/FreeRDP/FreeRDP
https://github.com/Perl/perl5
https://github.com/codehaus-plexus/plexus-archiver
https://github.com/jpirko/libndp
https://github.com/candlepin/subscription-manager
https://github.com/dogtagpki/pki
https://github.com/szukw000/openjpeg
https://github.com/rpm-software-management/yum-utils
https://github.com/sosreport/sos-collector
https://github.com/requests/requests
https://github.com/glennrp/libpng
https://github.com/paramiko/paramiko
https://github.com/mjg59/linux
https://github.com/ImageMagick/ImageMagick
https://github.com/git/git
https://github.com/karelzak/util-linux
https://github.com/GNOME/evince
https://git.savannah.gnu.org/git/patch.git
https://github.com/UNINETT/mod_auth_mellon
https://github.com/flori/json
https://github.com/flatpak/flatpak
https://github.com/libguestfs/hivex
https://github.com/vadz/libtiff
https://github.com/jquery/jquery-ui
#Vulnerabilities 1933
Date Id Summary Products Score Patch Annotated
2017-04-27 CVE-2017-8291 Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. Ghostscript, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 7.8
2014-09-24 CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka... Mac_os_x, Eos, Ubuntu_linux, Security_gateway, Netscaler_sdx_firmware, Debian_linux, Arx_firmware, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_cloud, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Traffix_signaling_delivery_controller, Bash, Flex_system_v7000_firmware, Infosphere_guardium_database_activity_monitoring, Pureapplication_system, Qradar_risk_manager, Qradar_security_information_and_event_manager, Qradar_vulnerability_manager, San_volume_controller_firmware, Security_access_manager_for_mobile_8\.0_firmware, Security_access_manager_for_web_7\.0_firmware, Security_access_manager_for_web_8\.0_firmware, Smartcloud_entry_appliance, Smartcloud_provisioning, Software_defined_network_for_virtual_environments, Starter_kit_for_cloud, Stn6500_firmware, Stn6800_firmware, Stn7800_firmware, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Workload_deployer, Mageia, Open_enterprise_server, Zenworks_configuration_management, Opensuse, Linux, Qts, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite, Esx, Vcenter_server_appliance 9.8
2012-06-16 CVE-2012-1723 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Icedtea6 9.8
2015-10-22 CVE-2015-4902 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. Leap, Opensuse, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_from_rhui, Enterprise_linux_workstation, Satellite, Linux_enterprise_module_for_legacy, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2017-09-19 CVE-2017-12615 When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Tomcat, 7\-Mode_transition_tool, Oncommand_balance, Oncommand_shift, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Jboss_enterprise_web_server, Jboss_enterprise_web_server_text\-Only_advisories 8.1
2016-03-29 CVE-2016-1646 The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. Ubuntu_linux, Debian_linux, Chrome, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub 8.8
2018-12-11 CVE-2018-17480 Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 8.8
2019-12-18 CVE-2019-8506 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 8.8
2023-03-27 CVE-2023-0494 A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. Fedora, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_server_workstation, X_server 7.8
2017-01-19 CVE-2016-5198 V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 8.8