#Vulnerabilities 78
Date Id Summary Products Score Patch Annotated
2022-01-01 CVE-2021-41817 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. Debian_linux, Fedora, Factory, Leap, Enterprise_linux, Software_collections, Date, Ruby, Linux_enterprise 7.5
2023-05-31 CVE-2023-34256 ** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. Linux_kernel, Linux_enterprise 5.5
2013-11-18 CVE-2013-4480 Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Network_satellite, Satellite, Satellite_with_embedded_oracle, Linux_enterprise, Manager N/A
2022-08-24 CVE-2021-4028 A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system. Linux_kernel, Linux_enterprise 7.8
2016-06-20 CVE-2016-2178 The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. Ubuntu_linux, Debian_linux, Node\.js, Openssl, Linux, Solaris, Linux_enterprise 5.5
2021-12-25 CVE-2021-4166 vim is vulnerable to Out-of-bounds Read Mac_os_x, Macos, Debian_linux, Fedora, Factory, Enterprise_linux, Linux_enterprise, Vim 7.1
2022-01-01 CVE-2021-41819 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. Debian_linux, Fedora, Factory, Leap, Enterprise_linux, Software_collections, Cgi, Ruby, Linux_enterprise 7.5
2010-12-06 CVE-2010-4180 OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Ubuntu_linux, Debian_linux, Nginx, Fedora, Openssl, Opensuse, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_server N/A
2020-06-15 CVE-2020-14147 An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. Debian_linux, Communications_operations_monitor, Redis, Linux_enterprise 7.7
2016-03-13 CVE-2016-2802 The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Firefox, Firefox_esr, Leap, Opensuse, Linux, Graphite2, Linux_enterprise 8.8