Product: Enterprise_linux_server (Redhat)
Repositories:
https://github.com/torvalds/linux
https://github.com/krb5/krb5
https://github.com/ceph/ceph
https://github.com/libarchive/libarchive
https://github.com/LibRaw/LibRaw
https://github.com/rubygems/rubygems
https://github.com/kyz/libmspack
https://github.com/the-tcpdump-group/tcpdump
https://github.com/fedora-selinux/setroubleshoot
https://github.com/ntp-project/ntp
https://github.com/mdadams/jasper
https://github.com/neomutt/neomutt
https://github.com/golang/go
https://github.com/abrt/abrt
https://github.com/paramiko/paramiko
https://github.com/opencontainers/runc
https://github.com/qos-ch/slf4j
https://github.com/rpm-software-management/yum-utils
https://github.com/mm2/Little-CMS
https://github.com/ImageMagick/ImageMagick
https://github.com/requests/requests
https://github.com/szukw000/openjpeg
https://github.com/glennrp/libpng
https://github.com/candlepin/subscription-manager
https://github.com/Perl/perl5
https://github.com/git/git
https://github.com/openbsd/src
git://git.openssl.org/openssl.git
https://github.com/mysql/mysql-server
https://github.com/sosreport/sos-collector
https://github.com/dogtagpki/pki
https://github.com/karelzak/util-linux
https://github.com/ClusterLabs/pacemaker
https://github.com/GNOME/evince
https://git.savannah.gnu.org/git/patch.git
https://github.com/UNINETT/mod_auth_mellon
https://github.com/flori/json
https://github.com/flatpak/flatpak
https://github.com/SELinuxProject/selinux
https://github.com/jpirko/libndp
https://github.com/libguestfs/hivex
https://github.com/vadz/libtiff
https://github.com/jquery/jquery-ui
#Vulnerabilities 1415
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-01-23 | CVE-2016-9446 | The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. | Fedora, Gstreamer, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.5 | | |
| 2018-04-18 | CVE-2018-1088 | A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. | Debian_linux, Leap, Enterprise_linux_server, Gluster_storage, Virtualization, Virtualization_host | 8.1 | | |
| 2018-08-29 | CVE-2018-16062 | dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 5.5 | | |
| 2018-09-03 | CVE-2018-16402 | libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. | Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 9.8 | | |
| 2018-10-15 | CVE-2018-18310 | An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. | Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 5.5 | | |
| 2018-10-19 | CVE-2018-18520 | An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. | Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | | |
| 2018-10-19 | CVE-2018-18521 | Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. | Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 5.5 | | |
| 2018-10-31 | CVE-2018-14659 | The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. | Debian_linux, Enterprise_linux_server, Gluster_file_system, Virtualization, Virtualization_host | 6.5 | | |
| 2018-10-31 | CVE-2018-14654 | The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. | Debian_linux, Enterprise_linux_server, Enterprise_linux_virtualization, Gluster_storage, Virtualization, Virtualization_host | 6.5 | | |
| 2018-10-31 | CVE-2018-14661 | It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. | Debian_linux, Glusterfs, Enterprise_linux_server, Virtualization, Virtualization_host | 6.5 | | |