Product: Enterprise_linux (Redhat)
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-04-21 | CVE-2016-0720 | Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | Pcs, Fedora, Enterprise_linux | 8.8 | | |
| 2017-04-21 | CVE-2016-0721 | Session fixation vulnerability in pcsd in pcs before 0.9.157. | Pcs, Fedora, Enterprise_linux | 8.1 | | |
| 2017-08-10 | CVE-2014-0143 | Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted... | Qemu, Enterprise_linux | 7.0 | | |
| 2017-09-14 | CVE-2015-7553 | Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. | Enterprise_linux, Enterprise_mrg, Kernel-Rt | 4.7 | | |
| 2017-12-07 | CVE-2017-15121 | A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. | Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 5.5 | | |
| 2017-11-30 | CVE-2017-15116 | The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). | Linux_kernel, Enterprise_linux | 5.5 | | |
| 2017-12-18 | CVE-2017-15103 | A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. | Heketi, Enterprise_linux | 8.8 | | |
| 2017-12-18 | CVE-2017-15104 | An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file. | Heketi, Enterprise_linux | 7.8 | | |
| 2018-01-09 | CVE-2017-15131 | It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. | Xdg-User-Dirs, Enterprise_linux | 7.8 | | |
| 2018-01-14 | CVE-2017-15127 | A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG). | Linux_kernel, Enterprise_linux, Enterprise_mrg | 5.5 | | |