Linux enterprise

This hub aggregates every CVE we track for Linux enterprise. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Linux enterprise.

• CVE-2024-23301Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.5.5Jan 12, 2024
• CVE-2023-34256An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly chec...5.5May 31, 2023
• CVE-2021-4028A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element...7.8Aug 24, 2022
• CVE-2021-41819CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.7.5Jan 1, 2022
• CVE-2021-41817Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.7.5Jan 1, 2022
• CVE-2021-4166Out-of-bounds Read in vim/vim7.1Dec 25, 2021
• CVE-2020-14147An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (...7.7Jun 15, 2020
• CVE-2018-14522An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.8.8Jul 23, 2018
• CVE-2018-14523An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.8.8Jul 23, 2018
• CVE-2016-9957Stack-based buffer overflow in game-music-emu before 0.6.1.7.8Apr 12, 2017
• CVE-2016-9958game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.7.8Apr 12, 2017
• CVE-2016-9959game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.7.8Apr 12, 2017
• CVE-2016-8568The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.5.5Feb 3, 2017
• CVE-2016-8569The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.5.5Feb 3, 2017
• CVE-2016-7966Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal ...7.3Dec 23, 2016