Enterprise_linux_server - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Enterprise_linux_server
(Redhat)

Repositories

• https://github.com/torvalds/linux
• https://github.com/krb5/krb5
• https://github.com/ceph/ceph
• https://github.com/libarchive/libarchive
• https://github.com/kyz/libmspack

• https://github.com/LibRaw/LibRaw
• https://github.com/rubygems/rubygems
• https://github.com/madler/zlib
• https://github.com/the-tcpdump-group/tcpdump
• https://github.com/fedora-selinux/setroubleshoot
• https://github.com/mdadams/jasper
• https://github.com/ntp-project/ntp
• https://github.com/neomutt/neomutt
• https://github.com/mm2/Little-CMS
• https://github.com/openbsd/src
• https://github.com/abrt/abrt
• https://github.com/mysql/mysql-server
• https://github.com/golang/go
• https://github.com/dajobe/raptor
• https://github.com/Katello/katello
• https://github.com/opencontainers/runc
• https://github.com/openstack/swift
• https://github.com/qos-ch/slf4j
• git://git.openssl.org/openssl.git
• https://github.com/uclouvain/openjpeg
• https://github.com/SELinuxProject/selinux
• https://github.com/ClusterLabs/pacemaker
• https://github.com/FreeRDP/FreeRDP
• https://github.com/Perl/perl5
• https://github.com/jpirko/libndp
• https://github.com/candlepin/subscription-manager
• https://github.com/dogtagpki/pki
• https://github.com/szukw000/openjpeg
• https://github.com/rpm-software-management/yum-utils
• https://github.com/sosreport/sos-collector
• https://github.com/requests/requests
• https://github.com/glennrp/libpng
• https://github.com/paramiko/paramiko
• https://github.com/ImageMagick/ImageMagick
• https://github.com/git/git
• https://github.com/karelzak/util-linux
• https://github.com/GNOME/evince
• https://git.savannah.gnu.org/git/patch.git
• https://github.com/UNINETT/mod_auth_mellon
• https://github.com/flori/json
• https://github.com/flatpak/flatpak
• https://github.com/libguestfs/hivex
• https://github.com/vadz/libtiff
• https://github.com/jquery/jquery-ui

#Vulnerabilities

1857

Date	Id	Summary	Products	Score	Patch	Annotated
2019-02-04	CVE-2019-3813	Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.	Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Spice	7.5
2019-06-05	CVE-2019-9755	An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.	Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Ntfs\-3g	7.0
2018-09-04	CVE-2018-10904	It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.	Debian_linux, Glusterfs, Leap, Enterprise_linux_server, Virtualization_host	8.8
2018-09-04	CVE-2018-10911	A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.	Debian_linux, Glusterfs, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization_host	7.5
2018-09-04	CVE-2018-10913	An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.	Debian_linux, Glusterfs, Leap, Enterprise_linux_server, Virtualization_host	6.5
2018-09-04	CVE-2018-10914	It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.	Debian_linux, Glusterfs, Leap, Enterprise_linux_server, Virtualization_host	6.5
2018-09-04	CVE-2018-10923	It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.	Debian_linux, Glusterfs, Leap, Enterprise_linux_server, Virtualization_host	8.1
2018-05-16	CVE-2018-11212	An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.	Ubuntu_linux, Debian_linux, Libjpeg, Oncommand_unified_manager, Oncommand_workflow_automation, Snapmanager, Leap, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite	6.5
2019-01-15	CVE-2018-16846	It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.	Ubuntu_linux, Debian_linux, Leap, Ceph, Ceph_storage, Enterprise_linux_server	6.5
2019-01-15	CVE-2018-14662	It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.	Ubuntu_linux, Debian_linux, Leap, Ceph, Ceph_storage, Enterprise_linux_server	5.7