Red Hat Enterprise Linux For IBM Z Systems Extended Update Support (EUS) 8.1

CPE Details

Red Hat Enterprise Linux For IBM Z Systems Extended Update Support (EUS) 8.1
redhat
enterprise_linux_for_ibm_z_systems_eus
8.1
2021-11-26
16h27 +00:00
2021-12-10
17h37 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

enterprise_linux_for_ibm_z_systems_eus

Version

8.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-3656 2022-03-04
17h41 +00:00		 A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
8.8
High
CVE-2021-3672 2021-11-22
23h00 +00:00		 A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
5.6
Medium
CVE-2020-9490 2020-08-07
13h24 +00:00		 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
7.5
High
CVE-2019-14815 2019-11-25
09h51 +00:00		 A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
7.8
High
CVE-2019-15718 2019-09-04
09h04 +00:00		 In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
4.4
Medium
CVE-2019-6454 2019-03-17
15h38 +00:00		 An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
5.5
Medium