Product:

Enterprise_mrg

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/mjg59/linux
#Vulnerabilities 74
Date Id Summary Products Score Patch Annotated
2016-05-02 CVE-2015-1350 The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. Linux_kernel, Enterprise_linux, Enterprise_mrg N/A
2012-05-17 CVE-2012-1090 The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. Linux_kernel, Enterprise_mrg, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server N/A
2020-05-12 CVE-2020-12826 A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process... Ubuntu_linux, Linux_kernel, Enterprise_linux, Enterprise_mrg N/A
2020-02-19 CVE-2012-6685 Nokogiri before 1.5.4 is vulnerable to XXE attacks Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openshift, Openstack, Openstack_foreman, Satellite, Subscription_asset_manager N/A
2019-11-21 CVE-2012-3460 cumin: At installation postgresql database user created without password Enterprise_mrg N/A
2019-11-06 CVE-2014-8181 The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. Enterprise_linux, Enterprise_mrg N/A
2018-01-14 CVE-2017-15128 A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG). Linux_kernel, Enterprise_linux, Enterprise_mrg 5.5
2018-12-18 CVE-2018-16884 A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Debian_linux, Linux_kernel, Enterprise_linux, Enterprise_mrg 8.0
2017-10-18 CVE-2014-3706 ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. Enterprise_mrg 5.9