Enterprise Linux FOR IBM Z Systems

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-16	CVE-2021-3551	Cleartext Storage of Sensitive Information vulnerability in multiple products A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. local dogtagpki fedoraproject oracle redhat CWE-312	4.4
2022-01-28	CVE-2021-4034	Out-of-bounds Write vulnerability in multiple products A local privilege escalation vulnerability was found on polkit's pkexec utility. local low complexity polkit-project redhat canonical suse oracle siemens starwindsoftware CWE-787	7.8
2021-11-23	CVE-2021-3672	Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. network high complexity c-ares-project fedoraproject redhat siemens nodejs pgbouncer CWE-79	5.6
2021-05-27	CVE-2020-14301	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An information disclosure vulnerability was found in libvirt in versions before 6.3.0. network low complexity redhat netapp CWE-212	4.0
2021-01-05	CVE-2020-27842	Out-of-bounds Read vulnerability in multiple products There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. local low complexity uclouvain fedoraproject debian redhat oracle CWE-125	5.5
2020-08-07	CVE-2020-9490	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. network low complexity apache oracle opensuse debian fedoraproject canonical redhat CWE-444	7.5
2020-02-12	CVE-2020-8945	Use After Free vulnerability in multiple products The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. network high complexity gpgme-project redhat fedoraproject CWE-416	7.5
2019-12-19	CVE-2019-19906	Off-by-one Error vulnerability in multiple products cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. network low complexity cyrusimap debian canonical fedoraproject redhat apple apache CWE-193	7.5
2019-02-04	CVE-2019-7317	Use After Free vulnerability in multiple products png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. network high complexity libpng debian canonical oracle hpe hp mozilla opensuse netapp redhat CWE-416	2.6
2019-01-25	CVE-2018-16881	Integer Overflow or Wraparound vulnerability in multiple products A denial of service vulnerability was found in rsyslog in the imptcp module. network low complexity rsyslog redhat debian CWE-190	7.5