Product:

Enterprise_linux_desktop

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/krb5/krb5
https://github.com/ceph/ceph
https://github.com/libarchive/libarchive
https://github.com/LibRaw/LibRaw
https://github.com/rubygems/rubygems
https://github.com/kyz/libmspack
https://github.com/the-tcpdump-group/tcpdump
https://github.com/fedora-selinux/setroubleshoot
https://github.com/ntp-project/ntp
https://github.com/mdadams/jasper
https://github.com/neomutt/neomutt
https://github.com/abrt/abrt
https://github.com/paramiko/paramiko
https://github.com/qos-ch/slf4j
https://github.com/rpm-software-management/yum-utils
https://github.com/mjg59/linux
https://github.com/mm2/Little-CMS
https://github.com/ImageMagick/ImageMagick
https://github.com/requests/requests
https://github.com/szukw000/openjpeg
https://github.com/glennrp/libpng
https://github.com/candlepin/subscription-manager
https://github.com/Perl/perl5
https://github.com/git/git
https://github.com/openbsd/src
• git://git.openssl.org/openssl.git
https://github.com/mysql/mysql-server
https://github.com/sosreport/sos-collector
https://github.com/codehaus-plexus/plexus-archiver
https://github.com/dogtagpki/pki
https://github.com/karelzak/util-linux
https://github.com/GNOME/evince
https://git.savannah.gnu.org/git/patch.git
https://github.com/UNINETT/mod_auth_mellon
https://github.com/flori/json
https://github.com/flatpak/flatpak
https://github.com/SELinuxProject/selinux
https://github.com/jpirko/libndp
https://github.com/libguestfs/hivex
https://github.com/vadz/libtiff
https://github.com/jquery/jquery-ui
#Vulnerabilities 1469
Date Id Summary Products Score Patch Annotated
2018-09-03 CVE-2018-16402 libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 9.8
2018-10-15 CVE-2018-18310 An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 5.5
2018-10-19 CVE-2018-18520 An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 6.5
2018-10-19 CVE-2018-18521 Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 5.5
2019-01-29 CVE-2019-7150 An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 5.5
2019-02-09 CVE-2019-7665 In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 5.5
2019-07-16 CVE-2019-13616 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. Ubuntu_linux, Debian_linux, Fedora, Simple_directmedia_layer, Backports_sle, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 8.1
2017-01-13 CVE-2016-9811 The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. Debian_linux, Fedora, Gstreamer, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 4.7
2016-06-16 CVE-2016-4171 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. Flash_player, Flash_player_for_linux, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_workstation_extension 9.8
2016-06-16 CVE-2016-4124 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Flash_player, Flash_player_for_linux, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_workstation_extension 8.8