Product:

Enterprise_linux_server

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/krb5/krb5
https://github.com/libarchive/libarchive
https://github.com/ceph/ceph
https://github.com/LibRaw/LibRaw
#Vulnerabilities 1329
Date ID Summary Products Score Patch
2018-07-10 CVE-2018-3693 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Cortex\-A, Cortex\-R, Atom_c, Atom_e, Atom_x3, Atom_z, Celeron_j, Celeron_n, Core_i3, Core_i5, Core_i7, Core_m, Core_m3, Core_m5, Core_m7, Pentium_j, Pentium_n, Xeon, Xeon_bronze_3104, Xeon_bronze_3106, Xeon_e3, Xeon_e3_1105c_v2, Xeon_e3_1125c, Xeon_e3_1125c_v2, Xeon_e3_1220, Xeon_e3_12201, Xeon_e3_12201_v2, Xeon_e3_1220_v2, Xeon_e3_1220_v3, Xeon_e3_1220_v5, Xeon_e3_1220_v6, Xeon_e3_1220l_v3, Xeon_e3_1225, Xeon_e3_1225_v2, Xeon_e3_1225_v3, Xeon_e3_1225_v5, Xeon_e3_1225_v6, Xeon_e3_1226_v3, Xeon_e3_1230, Xeon_e3_1230_v2, Xeon_e3_1230_v3, Xeon_e3_1230_v5, Xeon_e3_1230_v6, Xeon_e3_1230l_v3, Xeon_e3_1231_v3, Xeon_e3_1235, Xeon_e3_1235l_v5, Xeon_e3_1240, Xeon_e3_1240_v2, Xeon_e3_1240_v3, Xeon_e3_1240_v5, Xeon_e3_1240_v6, Xeon_e3_1240l_v3, Xeon_e3_1240l_v5, Xeon_e3_1241_v3, Xeon_e3_1245, Xeon_e3_1245_v2, Xeon_e3_1245_v3, Xeon_e3_1245_v5, Xeon_e3_1245_v6, Xeon_e3_1246_v3, Xeon_e3_1258l_v4, Xeon_e3_1260l, Xeon_e3_1260l_v5, Xeon_e3_1265l_v2, Xeon_e3_1265l_v3, Xeon_e3_1265l_v4, Xeon_e3_1268l_v3, Xeon_e3_1268l_v5, Xeon_e3_1270, Xeon_e3_1270_v2, Xeon_e3_1270_v3, Xeon_e3_1270_v5, Xeon_e3_1270_v6, Xeon_e3_1271_v3, Xeon_e3_1275, Xeon_e3_1275_v2, Xeon_e3_1275_v3, Xeon_e3_1275_v5, Xeon_e3_1275_v6, Xeon_e3_1275l_v3, Xeon_e3_1276_v3, Xeon_e3_1278l_v4, Xeon_e3_1280, Xeon_e3_1280_v2, Xeon_e3_1280_v3, Xeon_e3_1280_v5, Xeon_e3_1280_v6, Xeon_e3_1281_v3, Xeon_e3_1285_v3, Xeon_e3_1285_v4, Xeon_e3_1285_v6, Xeon_e3_1285l_v3, Xeon_e3_1285l_v4, Xeon_e3_1286_v3, Xeon_e3_1286l_v3, Xeon_e3_1290, Xeon_e3_1290_v2, Xeon_e3_1501l_v6, Xeon_e3_1501m_v6, Xeon_e3_1505l_v5, Xeon_e3_1505l_v6, Xeon_e3_1505m_v5, Xeon_e5, Xeon_e5_1428l, Xeon_e5_1428l_v2, Xeon_e5_1428l_v3, Xeon_e5_1620, Xeon_e5_1620_v2, Xeon_e5_1620_v3, Xeon_e5_1620_v4, Xeon_e5_1630_v3, Xeon_e5_1630_v4, Xeon_e5_1650, Xeon_e5_1650_v2, Xeon_e5_1650_v3, Xeon_e5_1650_v4, Xeon_e5_1660, Xeon_e5_1660_v2, Xeon_e5_1660_v3, Xeon_e5_1660_v4, Xeon_e5_1680_v3, Xeon_e5_1680_v4, Xeon_e5_2403, Xeon_e5_2403_v2, Xeon_e5_2407, Xeon_e5_2407_v2, Xeon_e5_2408l_v3, Xeon_e5_2418l, Xeon_e5_2418l_v2, Xeon_e5_2418l_v3, Xeon_e5_2420, Xeon_e5_2420_v2, Xeon_e5_2428l, Xeon_e5_2428l_v2, Xeon_e5_2428l_v3, Xeon_e5_2430, Xeon_e5_2430_v2, Xeon_e5_2430l, Xeon_e5_2430l_v2, Xeon_e5_2438l_v3, Xeon_e5_2440, Xeon_e5_2440_v2, Xeon_e5_2448l, Xeon_e5_2448l_v2, Xeon_e5_2450, Xeon_e5_2450_v2, Xeon_e5_2450l, Xeon_e5_2450l_v2, Xeon_e5_2470, Xeon_e5_2470_v2, Xeon_e5_2603, Xeon_e5_2603_v2, Xeon_e5_2603_v3, Xeon_e5_2603_v4, Xeon_e5_2608l_v3, Xeon_e5_2608l_v4, Xeon_e5_2609, Xeon_e5_2609_v2, Xeon_e5_2609_v3, Xeon_e5_2609_v4, Xeon_e5_2618l_v2, Xeon_e5_2618l_v3, Xeon_e5_2618l_v4, Xeon_e5_2620, Xeon_e5_2620_v2, Xeon_e5_2620_v3, Xeon_e5_2620_v4, Xeon_e5_2623_v3, Xeon_e5_2623_v4, Xeon_e5_2628l_v2, Xeon_e5_2628l_v3, Xeon_e5_2628l_v4, Xeon_e5_2630, Xeon_e5_2630_v2, Xeon_e5_2630_v3, Xeon_e5_2630_v4, Xeon_e5_2630l, Xeon_e5_2630l_v2, Xeon_e5_2630l_v3, Xeon_e5_2630l_v4, Xeon_e5_2637, Xeon_e5_2637_v2, Xeon_e5_2637_v3, Xeon_e5_2637_v4, Xeon_e5_2640, Xeon_e5_2640_v2, Xeon_e5_2640_v3, Xeon_e5_2640_v4, Xeon_e5_2643, Xeon_e5_2643_v2, Xeon_e5_2643_v3, Xeon_e5_2643_v4, Xeon_e5_2648l, Xeon_e5_2648l_v2, Xeon_e5_2648l_v3, Xeon_e5_2648l_v4, Xeon_e5_2650, Xeon_e5_2650_v2, Xeon_e5_2650_v3, Xeon_e5_2650_v4, Xeon_e5_2650l, Xeon_e5_2650l_v2, Xeon_e5_2650l_v3, Xeon_e7, Xeon_e\-1105c, Xeon_gold, Xeon_phi, Xeon_platinum, Xeon_silver, Solidfire_element_os_management_node, Communications_eagle_application_processor, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Struxureware_data_center_expert 5.6
2018-03-20 CVE-2018-8088 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. Utilities_framework, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Jboss_enterprise_application_platform, Slf4j\-Ext 9.8
2018-12-07 CVE-2018-5802 An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. Ubuntu_linux, Debian_linux, Libraw, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 8.8
2018-12-07 CVE-2018-5800 An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. Ubuntu_linux, Debian_linux, Libraw, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 6.5
2018-05-01 CVE-2018-10583 An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. Openoffice, Ubuntu_linux, Debian_linux, Libreoffice, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 7.5
2017-04-17 CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Log4j, Oncommand_api_services, Oncommand_insight, Oncommand_workflow_automation, Service_level_manager, Snapcenter, Storage_automation_store, Api_gateway, Autovue_vuelink_integration, Banking_platform, Bi_publisher, Communications_converged_application_server_\-_service_controller, Communications_messaging_server, Communications_online_mediation_controller, Communications_pricing_design_center, Communications_service_broker, Communications_webrtc_session_controller, Configuration_manager, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Enterprise_manager_for_mysql_database, Enterprise_manager_for_oracle_database, Enterprise_manager_for_peoplesoft, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_profitability_management, Flexcube_investor_servicing, Fusion_middleware_mapviewer, Goldengate_application_adapters, Identity_analytics, Identity_management_suite, Insurance_calculation_engine, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_tools, Jdeveloper, Mysql_enterprise_monitor, Peoplesoft_enterprise_fin_install, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Retail_clearance_optimization_engine, Retail_extract_transform_and_load, Retail_integration_bus, Retail_open_commerce_platform, Retail_predictive_application_server, Siebel_ui_framework, Soa_suite, Tape_library_acsls, Utilities_work_and_asset_management, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 9.8
2017-11-13 CVE-2016-8610 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Debian_linux, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Cn1610_firmware, Data_ontap, Data_ontap_edge, E\-Series_santricity_os_controller, Host_agent, Oncommand_balance, Oncommand_unified_manager, Oncommand_workflow_automation, Ontap_select_deploy, Service_processor, Smi\-S_provider, Snapcenter_server, Snapdrive, Storagegrid, Storagegrid_webscale, Openssl, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_enterprise_application_platform 7.5
2019-01-16 CVE-2017-3136 A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8. Debian_linux, Bind, Data_ontap_edge, Element_software, Oncommand_balance, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 5.9
2020-01-15 CVE-2020-2604 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java... Ubuntu_linux, Debian_linux, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Graalvm, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 8.1
2019-03-21 CVE-2019-7221 The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_performance_analytics_services, Element_software_management_node, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform 7.8