Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux_workstation
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-03 | CVE-2021-20225 | A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Fedora, Grub2, Ontap_select_deploy_administration_utility, Enterprise_linux, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 6.7 | ||
| 2021-03-03 | CVE-2021-20233 | A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Fedora, Grub2, Ontap_select_deploy_administration_utility, Enterprise_linux, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.2 | ||
| 2021-12-23 | CVE-2021-3622 | A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability. | Fedora, Enterprise_linux, Enterprise_linux_workstation, Hivex | 4.3 | ||
| 2022-01-28 | CVE-2021-4034 | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code.... | Ubuntu_linux, Http_server, Zfs_storage_appliance_kit, Polkit, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Scalance_lpe9403_firmware, Sinumerik_edge, Command_center, Starwind_hyperconverged_appliance, Starwind_virtual_san, Enterprise_storage, Linux_enterprise_desktop, Linux_enterprise_high_performance_computing, Linux_enterprise_server, Linux_enterprise_workstation_extension, Manager_proxy, Manager_server | 7.8 | ||
| 2022-02-21 | CVE-2021-44142 | The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. | Ubuntu_linux, Debian_linux, Fedora, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_resilient_storage, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Gluster_storage, Virtualization_host, Samba, Diskstation_manager | 8.8 | ||
| 2022-04-29 | CVE-2022-1227 | A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | Fedora, Podman, Psgo, Developer_tools, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Openshift_container_platform, Quay | 8.8 | ||
| 2018-07-26 | CVE-2018-10878 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. | Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.8 | ||
| 2018-02-09 | CVE-2018-1000026 | Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.. | Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.7 | ||
| 2017-06-08 | CVE-2016-4992 | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. | Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
| 2022-02-18 | CVE-2016-2124 | A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | Ubuntu_linux, Debian_linux, Fedora, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_resilient_storage, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_tus, Enterprise_linux_workstation, Gluster_storage, Openstack, Virtualization_host, Samba | 5.9 |