Product:

Enterprise_linux

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/Perl/perl5
https://github.com/ceph/ceph
https://github.com/ClusterLabs/pcs
https://github.com/mjg59/linux
#Vulnerabilities 1677
Date Id Summary Products Score Patch Annotated
2022-04-29 CVE-2021-4207 A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. Debian_linux, Qemu, Enterprise_linux 8.2
2022-04-29 CVE-2022-0984 Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. Fedora, Moodle, Enterprise_linux 4.3
2022-05-02 CVE-2021-3750 A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial... Qemu, Enterprise_linux 8.2
2022-05-11 CVE-2021-3611 A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. Qemu, Enterprise_linux 6.5
2022-06-02 CVE-2022-1652 Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. Debian_linux, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Enterprise_linux 7.8
2022-05-16 CVE-2022-1587 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. Fedora, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Ontap_select_deploy_administration_utility, Solidfire, Pcre2, Enterprise_linux 9.1
2022-05-17 CVE-2022-1706 A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config. Fedora, Enterprise_linux, Ignition, Openshift_container_platform 6.5
2022-05-18 CVE-2022-30596 A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. Fedora, Moodle, Enterprise_linux 5.4
2022-05-18 CVE-2022-30597 A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. Fedora, Moodle, Enterprise_linux 5.3
2022-05-18 CVE-2022-30598 A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Fedora, Moodle, Enterprise_linux 4.3