Enterprise_linux_eus - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Enterprise_linux_eus
(Redhat)

Repositories

• https://github.com/torvalds/linux
• https://github.com/krb5/krb5
• https://github.com/madler/zlib
• https://github.com/dajobe/raptor
• https://github.com/qos-ch/slf4j

• https://github.com/uclouvain/openjpeg
• https://github.com/Perl/perl5
• https://github.com/apache/httpd
• https://github.com/openssh/openssh-portable
• https://github.com/openbsd/src
• https://github.com/mysql/mysql-server
• https://github.com/ImageMagick/ImageMagick
• https://github.com/mdadams/jasper

#Vulnerabilities

759

Date	Id	Summary	Products	Score	Patch	Annotated
2019-11-14	CVE-2019-11135	TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.	Ubuntu_linux, Debian_linux, Fedora, Apollo_2000_firmware, Apollo_4200_firmware, Proliant_bl460c_firmware, Proliant_dl120_firmware, Proliant_dl160_firmware, Proliant_dl180_firmware, Proliant_dl20_firmware, Proliant_dl360_firmware, Proliant_dl380_firmware, Proliant_dl560_firmware, Proliant_dl580_firmware, Proliant_e910_firmware, Proliant_ml110_firmware, Proliant_ml30_firmware, Proliant_ml350_firmware, Proliant_xl170r_firmware, Proliant_xl190r_firmware, Proliant_xl230k_firmware, Proliant_xl270d_firmware, Proliant_xl450_firmware, Synergy_480_firmware, Synergy_660_firmware, Celeron_5305u_firmware, Core_i5\-10110y_firmware, Core_i5\-10210u_firmware, Core_i5\-10210y_firmware, Core_i5\-10310y_firmware, Core_i5\-8200y_firmware, Core_i5\-8210y_firmware, Core_i5\-8265u_firmware, Core_i5\-8310y_firmware, Core_i5\-8365u_firmware, Core_i5\-9300h_firmware, Core_i5\-9400_firmware, Core_i5\-9400f_firmware, Core_i5\-9400h_firmware, Core_i5\-9600k_firmware, Core_i5\-9600kf_firmware, Core_i7\-10510u_firmware, Core_i7\-10510y_firmware, Core_i7\-8500y_firmware, Core_i7\-8565u_firmware, Core_i7\-8665u_firmware, Core_i7\-9700k_firmware, Core_i7\-9700kf_firmware, Core_i7\-9750hf_firmware, Core_i7\-9850h_firmware, Core_i9\-9880h_firmware, Core_i9\-9900k_firmware, Core_i9\-9900kf_firmware, Core_i9\-9980hk_firmware, Core_m3\-8100y_firmware, Pentium_6405u_firmware, Xeon_3204_firmware, Xeon_3206r_firmware, Xeon_4208_firmware, Xeon_4208r_firmware, Xeon_4209t_firmware, Xeon_4210_firmware, Xeon_4210r_firmware, Xeon_4214_firmware, Xeon_4214c_firmware, Xeon_4214r_firmware, Xeon_4214y_firmware, Xeon_4215_firmware, Xeon_4216_firmware, Xeon_4216r_firmware, Xeon_5215_firmware, Xeon_5215l_firmware, Xeon_5215m_firmware, Xeon_5215r_firmware, Xeon_5217_firmware, Xeon_5218_firmware, Xeon_5218b_firmware, Xeon_5218n_firmware, Xeon_5218t_firmware, Xeon_5220_firmware, Xeon_5220r_firmware, Xeon_5220s_firmware, Xeon_5220t_firmware, Xeon_5222_firmware, Xeon_6222v_firmware, Xeon_6226_firmware, Xeon_6230_firmware, Xeon_6230n_firmware, Xeon_6230t_firmware, Xeon_6234_firmware, Xeon_6238_firmware, Xeon_6238l_firmware, Xeon_6238m_firmware, Xeon_6238t_firmware, Xeon_6240_firmware, Xeon_6240l_firmware, Xeon_6240m_firmware, Xeon_6240y_firmware, Xeon_6242_firmware, Xeon_6244_firmware, Xeon_6246_firmware, Xeon_6248_firmware, Xeon_6252_firmware, Xeon_6252n_firmware, Xeon_6254_firmware, Xeon_6262v_firmware, Xeon_8253_firmware, Xeon_8256_firmware, Xeon_8260_firmware, Xeon_8260l_firmware, Xeon_8260m_firmware, Xeon_8260y_firmware, Xeon_8268_firmware, Xeon_8270_firmware, Xeon_8276_firmware, Xeon_8276l_firmware, Xeon_8276m_firmware, Xeon_8280_firmware, Xeon_8280l_firmware, Xeon_8280m_firmware, Xeon_9220_firmware, Xeon_9221_firmware, Xeon_9222_firmware, Xeon_9242_firmware, Xeon_9282_firmware, Xeon_e\-2278g_firmware, Xeon_e\-2278ge_firmware, Xeon_e\-2278gel_firmware, Xeon_e\-2286m_firmware, Xeon_e\-2288g_firmware, Xeon_w\-2223_firmware, Xeon_w\-2225_firmware, Xeon_w\-2235_firmware, Xeon_w\-2245_firmware, Xeon_w\-2255_firmware, Xeon_w\-2265_firmware, Xeon_w\-2275_firmware, Xeon_w\-2295_firmware, Xeon_w\-3223_firmware, Xeon_w\-3225_firmware, Xeon_w\-3235_firmware, Xeon_w\-3245_firmware, Xeon_w\-3245m_firmware, Xeon_w\-3265_firmware, Xeon_w\-3265m_firmware, Xeon_w\-3275_firmware, Xeon_w\-3275m_firmware, Leap, Zfs_storage_appliance_kit, Codeready_linux_builder, Codeready_linux_builder_eus, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization_manager, Slackware	6.5
2019-12-10	CVE-2019-13734	Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Ubuntu_linux, Debian_linux, Fedora, Chrome, Backports_sle, Communications_cloud_native_core_network_repository_function, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform, Package_hub	8.8
2019-12-13	CVE-2019-16775	Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user...	Fedora, Npm, Leap, Graalvm, Enterprise_linux, Enterprise_linux_eus	6.5
2019-12-13	CVE-2019-16776	Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts...	Fedora, Npm, Leap, Graalvm, Enterprise_linux, Enterprise_linux_eus	8.1
2019-12-13	CVE-2019-16777	Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability...	Fedora, Npm, Leap, Graalvm, Enterprise_linux, Enterprise_linux_eus	6.5
2019-12-19	CVE-2019-19906	cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.	Bookkeeper, Ipados, Iphone_os, Mac_os_x, Ubuntu_linux, Cyrus\-Sasl, Debian_linux, Fedora, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Jboss_enterprise_web_server	7.5
2020-01-13	CVE-2020-6851	OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.	Debian_linux, Fedora, Georaster, Outside_in_technology, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openjpeg	7.5
2020-07-31	CVE-2020-14310	There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.	Ubuntu_linux, Grub2, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus	6.0
2020-07-31	CVE-2020-14311	There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.	Ubuntu_linux, Grub2, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus	6.0
2020-08-07	CVE-2020-9490	Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.	Http_server, Apache_http_server	7.5