Oracle Linux Bulletin - January 2022

 

Description

The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin security patches as soon as possible.

 

Patch Availability

Please see ULN Advisory https://linux.oracle.com/ol-pad-bulletin

 

Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 19 April 2022
  • 19 July 2022
  • 18 October 2022
  • 17 January 2023

References

 

Modification History

Date Note
2022-March-15 Rev 3. New CVEs added
2022-February-15 Rev 2. New CVEs added
2022-January-18 Rev 1. Initial Release

Oracle Linux Executive Summary

This Oracle Linux Bulletin contains 50 new security patches for the Oracle Linux. 

Oracle Linux Risk Matrix

 

Revision 3: Published on 2022-03-15

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score		 Attack
Vector		 Attack
Complex		 Privs
Req'd		 User
Interact		 Scope Confid-
entiality		 Inte-
grity		 Avail-
ability
CVE-2022-25235 Oracle Linux firefox Yes 9.8 Network Low None None Unchanged High High High 7
CVE-2022-25236 Oracle Linux firefox Yes 9.8 Network Low None None Unchanged High High High 7
CVE-2022-25315 Oracle Linux firefox Yes 9.8 Network Low None None Unchanged High High High 7
CVE-2022-25235 Oracle Linux firefox Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2022-25236 Oracle Linux firefox Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2022-25315 Oracle Linux firefox Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2022-22817 Oracle Linux python-pillow Yes 9.8 Network Low None None Unchanged High High High 7,8
CVE-2022-24407 Oracle Linux cyrus-sasl No 9.1 Network Low High None Changed High High High 7,8
CVE-2022-26485 Oracle Linux firefox Yes 8.8 Network Low None Required Unchanged High High High 7
CVE-2022-26486 Oracle Linux firefox Yes 8.8 Network Low None Required Unchanged High High High 7
CVE-2022-26485 Oracle Linux firefox Yes 8.8 Network Low None Required Unchanged High High High 8
CVE-2022-26486 Oracle Linux firefox Yes 8.8 Network Low None Required Unchanged High High High 8
CVE-2021-4154 Oracle Linux kernel No 8.8 Local Low Low None Changed High High High 8
CVE-2020-36327 Oracle Linux ruby:2.5 Yes 8.8 Network Low None Required Unchanged High High High 8
CVE-2020-36327 Oracle Linux ruby:2.6 Yes 8.8 Network Low None Required Unchanged High High High 8
CVE-2019-20916 Oracle Linux python-pip No 8.0 Network Low Low Required Unchanged High High High 7
CVE-2022-25636 Oracle Linux Unbreakable Enterprise kernel No 7.8 Local Low Low None Unchanged High High High 7,8
CVE-2022-0847 Oracle Linux Unbreakable Enterprise kernel-container No 7.8 Local Low Low None Unchanged High High High 7,8
CVE-2022-25636 Oracle Linux Unbreakable Enterprise kernel-container No 7.8 Local Low Low None Unchanged High High High 7,8
CVE-2020-0466 Oracle Linux kernel No 7.8 Local Low Low None Unchanged High High High 7
CVE-2022-0516 Oracle Linux kernel No 7.8 Local Low Low None Unchanged High High High 8
CVE-2022-0847 Oracle Linux kernel No 7.8 Local Low Low None Unchanged High High High 8
CVE-2022-0847 Oracle Linux Unbreakable Enterprise kernel No 7.8 Local Low Low None Unchanged High High High 7,8
CVE-2022-24464 Oracle Linux .NET 5.0 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2022-219862 Oracle Linux .NET 6.0 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2022-24464 Oracle Linux .NET 6.0 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2022-24464 Oracle Linux .NET Core 3.1 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2022-26381 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7
CVE-2022-26383 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7
CVE-2022-26384 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7
CVE-2022-26387 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7
CVE-2022-22754 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7
CVE-2022-22764 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7
CVE-2022-26381 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 8
CVE-2022-26383 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 8
CVE-2022-26384 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 8
CVE-2022-26387 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 8
CVE-2020-25709 Oracle Linux openldap Yes 7.5 Network Low None None Unchanged None None High 7
CVE-2020-25710 Oracle Linux openldap Yes 7.5 Network Low None None Unchanged None None High 7
CVE-2021-41817 Oracle Linux ruby:2.6 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2021-41819 Oracle Linux ruby:2.6 Yes 7.5 Network Low None None Unchanged None High None 8
CVE-2022-22754 Oracle Linux thunderbird Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22764 Oracle Linux thunderbird Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2021-0920 Oracle Linux kernel No 7.4 Local High None None Unchanged High High High 7
CVE-2021-0920 Oracle Linux kernel No 7.4 Local High None None Unchanged High High High 8
CVE-2022-0435 Oracle Linux kernel No 7.1 Local High Low None Unchanged High High High 8
CVE-2021-3752 Oracle Linux kernel No 7.0 Local High Low None Unchanged High High High 7
CVE-2022-0330 Oracle Linux kernel No 7.0 Local High Low None Unchanged High High High 7
CVE-2022-22942 Oracle Linux kernel No 7.0 Local High Low None Unchanged High High High 7
CVE-2022-0330 Oracle Linux kernel No 7.0 Local High Low None Unchanged High High High 8
CVE-2022-0492 Oracle Linux kernel No 7.0 Local High Low None Unchanged High High High 8
CVE-2022-22942 Oracle Linux kernel No 7.0 Local High Low None Unchanged High High High 8
CVE-2021-31799 Oracle Linux ruby:2.5 No 7.0 Local High None Required Unchanged High High High 8
CVE-2021-31799 Oracle Linux ruby:2.6 No 7.0 Local High None Required Unchanged High High High 8
CVE-2022-0492 Oracle Linux Unbreakable Enterprise kernel No 7.0 Local High Low None Unchanged High High High 7
CVE-2021-3573 Oracle Linux kernel No 6.7 Local Low High None Unchanged High High High 7
CVE-2020-0465 Oracle Linux kernel No 6.6 Local Low Low None Unchanged High High High 7
CVE-2020-8927 Oracle Linux .NET 5.0 Yes 6.5 Network Low None None Unchanged None Low Low 8
CVE-2020-8927 Oracle Linux .NET Core 3.1 Yes 6.5 Network Low None None Unchanged None Low Low 8
CVE-2022-22816 Oracle Linux python-pillow Yes 6.5 Network Low None None Unchanged None Low Low 7,8
CVE-2021-32066 Oracle Linux ruby:2.5 Yes 6.5 Network High None None Unchanged Low High None 8
CVE-2021-32066 Oracle Linux ruby:2.6 Yes 6.5 Network High None None Unchanged Low High None 8
CVE-2022-24512 Oracle Linux .NET 5.0 Yes 6.3 Network Low None Required Unchanged Low Low Low 8
CVE-2022-24512 Oracle Linux .NET 6.0 Yes 6.3 Network Low None Required Unchanged Low Low Low 8
CVE-2022-24512 Oracle Linux .NET Core 3.1 Yes 6.3 Network Low None Required Unchanged Low Low Low 8
CVE-2022-22756 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7
CVE-2022-22759 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7
CVE-2022-22760 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7
CVE-2022-22761 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7
CVE-2022-22763 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7
CVE-2022-22756 Oracle Linux thunderbird Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2022-22759 Oracle Linux thunderbird Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2022-22760 Oracle Linux thunderbird Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2022-22761 Oracle Linux thunderbird Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2022-22763 Oracle Linux thunderbird Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2021-4091 Oracle Linux 389-ds-base Yes 5.9 Network High None None Unchanged None None High 7
CVE-2021-4155 Oracle Linux kernel No 5.5 Local Low Low None Unchanged High None None 7
CVE-2021-31810 Oracle Linux ruby:2.5 Yes 5.4 Network Low None Required Unchanged Low Low None 8
CVE-2021-31810 Oracle Linux ruby:2.6 Yes 5.4 Network Low None Required Unchanged Low Low None 8
CVE-2021-26341 Oracle Linux Unbreakable Enterprise kernel-container No 4.7 Local High Low None Unchanged High None None 7,8
CVE-2021-3564 Oracle Linux kernel No 4.7 Local High Low None Unchanged None None High 7
CVE-2021-26341 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local High Low None Unchanged High None None 7,8
CVE-2022-26386 Oracle Linux firefox No 3.3 Local Low Low None Unchanged Low None None 7
CVE-2022-26386 Oracle Linux firefox No 3.3 Local Low Low None Unchanged Low None None 8

Revision 2: Published on 2022-02-15

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score		 Attack
Vector		 Attack
Complex		 Privs
Req'd		 User
Interact		 Scope Confid-
entiality		 Inte-
grity		 Avail-
ability
CVE-2022-219862 Oracle Linux .NET 5.0 Undefined 8
CVE-2021-44142 Oracle Linux samba No 9.9 Network Low Low None Changed High High High 7,8
CVE-2021-44790 Oracle Linux httpd Yes 9.8 Network Low None None Unchanged High High High 7
CVE-2021-44790 Oracle Linux httpd:2.4 Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2021-3918 Oracle Linux nodejs:14 Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2021-37701 Oracle Linux nodejs:14 No 8.6 Local Low None Required Changed High High High 8
CVE-2021-26691 Oracle Linux httpd Yes 8.1 Network High None None Unchanged High High High 7
CVE-2021-39275 Oracle Linux httpd Yes 8.1 Network High None None Unchanged High High High 7
CVE-2022-23305 Oracle Linux log4j Yes 8.1 Network High None None Unchanged High High High 7
CVE-2022-23307 Oracle Linux log4j Yes 8.1 Network High None None Unchanged High High High 7
CVE-2021-23017 Oracle Linux nginx:1.20 Yes 8.1 Network High None None Unchanged High High High 8
CVE-2021-37712 Oracle Linux nodejs:14 Yes 8.1 Network Low None Required Unchanged None High High 8
CVE-2022-23305 Oracle Linux parfait:0.5 Yes 8.1 Network High None None Unchanged High High High 8
CVE-2022-23307 Oracle Linux parfait:0.5 Yes 8.1 Network High None None Unchanged High High High 8
CVE-2022-23959 Oracle Linux varnish:6 Yes 8.1 Network High None None Unchanged High High High 8
CVE-2022-0185 Oracle Linux Unbreakable Enterprise kernel No 7.8 Local Low Low None Unchanged High High High 7,8,7,8
CVE-2022-0185 Oracle Linux Unbreakable Enterprise kernel-container No 7.8 Local Low Low None Unchanged High High High 7,8,7,8
CVE-2021-45463 Oracle Linux gegl No 7.8 Local Low None Required Unchanged High High High 7
CVE-2021-45463 Oracle Linux gegl04 No 7.8 Local Low None Required Unchanged High High High 8
CVE-2022-0185 Oracle Linux kernel No 7.8 Local Low Low None Unchanged High High High 8
CVE-2021-4034 Oracle Linux polkit No 7.8 Local Low Low None Unchanged High High High 7,8
CVE-2021-4192 Oracle Linux vim No 7.8 Local Low None Required Unchanged High High High 8
CVE-2021-45417 Oracle Linux aide No 7.5 Network High Low None Unchanged High High High 7,8
CVE-2022-22754 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22764 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2021-34798 Oracle Linux httpd Yes 7.5 Network Low None None Unchanged None None High 7
CVE-2022-23094 Oracle Linux libreswan Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2020-28469 Oracle Linux nodejs:14 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2021-33502 Oracle Linux nodejs:14 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2021-3807 Oracle Linux nodejs:14 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2021-4104 Oracle Linux parfait:0.5 No 7.5 Network High Low None Unchanged High High High 8
CVE-2021-44733 Oracle Linux Unbreakable Enterprise kernel No 7.4 Local High None None Unchanged High High High 7,8
CVE-2021-44733 Oracle Linux Unbreakable Enterprise kernel-container No 7.4 Local High None None Unchanged High High High 7,8
CVE-2020-7788 Oracle Linux nodejs:14 Yes 7.3 Network Low None None Unchanged Low Low Low 8
CVE-2021-3984 Oracle Linux vim No 7.3 Local Low None Required Unchanged Low High High 8
CVE-2021-4019 Oracle Linux vim No 7.1 Local Low None None Changed None None High 8
CVE-2021-3752 Oracle Linux Unbreakable Enterprise kernel No 7.0 Local High Low None Unchanged High High High 7,8
CVE-2022-0492 Oracle Linux Unbreakable Enterprise kernel No 7.0 Local High Low None Unchanged High High High 7,8
CVE-2021-3752 Oracle Linux Unbreakable Enterprise kernel-container No 7.0 Local High Low None Unchanged High High High 7,8
CVE-2022-0492 Oracle Linux Unbreakable Enterprise kernel-container No 7.0 Local High Low None Unchanged High High High 7,8,7,8
CVE-2022-0492 Oracle Linux Unbreakable Enterprise kernel No 7.0 Local High Low None Unchanged High High High 7,8
CVE-2021-3640 Oracle Linux Unbreakable Enterprise kernel No 6.7 Local Low High None Unchanged High High High 7,8
CVE-2021-3640 Oracle Linux Unbreakable Enterprise kernel-container No 6.7 Local Low High None Unchanged High High High 7,8
CVE-2022-23302 Oracle Linux log4j No 6.6 Network High High None Unchanged High High High 7
CVE-2022-23302 Oracle Linux parfait:0.5 No 6.6 Network High High None Unchanged High High High 8
CVE-2021-3872 Oracle Linux vim No 6.6 Local Low None Required Unchanged Low Low High 8
CVE-2022-22756 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2022-22759 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2022-22760 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2022-22761 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2022-22763 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2021-22959 Oracle Linux nodejs:14 Yes 6.1 Network Low None Required Changed Low Low None 8
CVE-2021-22960 Oracle Linux nodejs:14 Yes 6.1 Network Low None Required Changed Low Low None 8
CVE-2021-3947 Oracle Linux qemu No 6.0 Local Low High None Changed High None None 7
CVE-2021-4158 Oracle Linux qemu No 6.0 Local Low High None Changed None None High 7
CVE-2021-4122 Oracle Linux cryptsetup No 5.9 Local Low None Required Unchanged High High None 8
CVE-2021-4155 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged High None None 7,8
CVE-2021-4155 Oracle Linux Unbreakable Enterprise kernel-container No 5.5 Local Low Low None Unchanged High None None 7,8
CVE-2021-4155 Oracle Linux kernel No 5.5 Local Low Low None Unchanged High None None 8
CVE-2021-4193 Oracle Linux vim No 5.5 Local Low None Required Unchanged High None None 8
CVE-2022-21282 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged Low None None 8
CVE-2022-21283 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21293 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21294 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21296 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged Low None None 8
CVE-2022-21299 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21305 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None Low None 8
CVE-2022-21340 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21341 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21360 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21365 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21282 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged Low None None 7
CVE-2022-21283 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7
CVE-2022-21293 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7
CVE-2022-21294 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7
CVE-2022-21296 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged Low None None 7
CVE-2022-21299 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7
CVE-2022-21305 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None Low None 7
CVE-2022-21340 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7
CVE-2022-21341 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7
CVE-2022-21360 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7
CVE-2022-21365 Oracle Linux java-1.8.0-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7
CVE-2022-21277 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7,8
CVE-2022-21282 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged Low None None 7,8
CVE-2022-21283 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7,8
CVE-2022-21291 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None Low None 7,8
CVE-2022-21293 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7,8
CVE-2022-21294 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7,8
CVE-2022-21296 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged Low None None 7,8
CVE-2022-21299 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7,8
CVE-2022-21305 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None Low None 7,8
CVE-2022-21340 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7,8
CVE-2022-21341 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7,8
CVE-2022-21360 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7,8
CVE-2022-21365 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7,8
CVE-2022-21366 Oracle Linux java-11-openjdk Yes 5.3 Network Low None None Unchanged None None Low 7,8
CVE-2022-21277 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21282 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged Low None None 8
CVE-2022-21283 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21291 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None Low None 8
CVE-2022-21293 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21294 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21296 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged Low None None 8
CVE-2022-21299 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21305 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None Low None 8
CVE-2022-21340 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21341 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21360 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21365 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2022-21366 Oracle Linux java-17-openjdk Yes 5.3 Network Low None None Unchanged None None Low 8
CVE-2021-3521 Oracle Linux rpm No 4.4 Local High Low Required Unchanged None High None 8
CVE-2022-21248 Oracle Linux java-1.8.0-openjdk Yes 3.7 Network High None None Unchanged None Low None 8
CVE-2022-21248 Oracle Linux java-1.8.0-openjdk Yes 3.7 Network High None None Unchanged None Low None 7
CVE-2022-21248 Oracle Linux java-11-openjdk Yes 3.7 Network High None None Unchanged None Low None 7,8
CVE-2022-21248 Oracle Linux java-17-openjdk Yes 3.7 Network High None None Unchanged None Low None 8
CVE-2021-20196 Oracle Linux qemu No 3.2 Local Low High None Changed None None Low 7
CVE-2021-20203 Oracle Linux qemu No 3.2 Local Low High None Changed None None Low 7
CVE-2021-3416 Oracle Linux qemu No 3.2 Local Low High None Changed None None Low 7

Revision 1: Published on 2022-01-18

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score		 Attack
Vector		 Attack
Complex		 Privs
Req'd		 User
Interact		 Scope Confid-
entiality		 Inte-
grity		 Avail-
ability
CVE-2021-3918 Oracle Linux nodejs:16 Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2021-30858 Oracle Linux webkitgtk4 Yes 8.8 Network Low None Required Unchanged High High High 7
CVE-2021-3682 Oracle Linux qemu No 8.5 Network High Low None Changed High High High 7
CVE-2021-39275 Oracle Linux httpd Yes 8.1 Network High None None Unchanged High High High 7
CVE-2021-23214 Oracle Linux postgresql:12 Yes 8.1 Network High None None Unchanged High High High 8
CVE-2021-23214 Oracle Linux postgresql:13 Yes 8.1 Network High None None Unchanged High High High 8
CVE-2020-25717 Oracle Linux samba No 8.1 Network Low Low None Unchanged High High None 7
CVE-2020-25717 Oracle Linux samba No 8.1 Network Low Low None Unchanged High High None 8
CVE-2021-39275 Oracle Linux httpd:2.4 Yes 8.1 Network High None None Unchanged High High High 8
CVE-2021-41864 Oracle Linux Unbreakable Enterprise kernel No 7.8 Local Low Low None Unchanged High High High 7,8
CVE-2021-41864 Oracle Linux Unbreakable Enterprise kernel-container No 7.8 Local Low Low None Unchanged High High High 7,8
CVE-2021-3713 Oracle Linux qemu No 7.8 Local High Low None Changed High High High 7
CVE-2021-4008 Oracle Linux xorg-x11-server No 7.8 Local Low Low None Unchanged High High High 7
CVE-2021-4009 Oracle Linux xorg-x11-server No 7.8 Local Low Low None Unchanged High High High 7
CVE-2021-4010 Oracle Linux xorg-x11-server No 7.8 Local Low Low None Unchanged High High High 7
CVE-2021-4011 Oracle Linux xorg-x11-server No 7.8 Local Low Low None Unchanged High High High 7
CVE-2020-36322 Oracle Linux kernel No 7.7 Local Low None None Unchanged None High High 7
CVE-2021-4140 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22737 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22738 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22740 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22741 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22742 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22743 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22751 Oracle Linux firefox Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2021-44716 Oracle Linux go-toolset:ol8 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2021-44716 Oracle Linux grafana Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2021-34798 Oracle Linux httpd Yes 7.5 Network Low None None Unchanged None None High 7
CVE-2020-28469 Oracle Linux nodejs:16 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2021-33502 Oracle Linux nodejs:16 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2021-3807 Oracle Linux nodejs:16 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2021-4140 Oracle Linux thunderbird Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22737 Oracle Linux thunderbird Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22738 Oracle Linux thunderbird Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22740 Oracle Linux thunderbird Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22741 Oracle Linux thunderbird Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22742 Oracle Linux thunderbird Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22743 Oracle Linux thunderbird Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2022-22751 Oracle Linux thunderbird Yes 7.5 Network High None Required Unchanged High High High 7,8
CVE-2021-34798 Oracle Linux httpd:2.4 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2021-0920 Oracle Linux Unbreakable Enterprise kernel No 7.4 Local High None None Unchanged High High High 7,8
CVE-2021-0920 Oracle Linux Unbreakable Enterprise kernel-container No 7.4 Local High None None Unchanged High High High 7,8
CVE-2021-3712 Oracle Linux openssl Yes 7.4 Network High None None Unchanged High None High 7,8
CVE-2021-0920 Oracle Linux Unbreakable Enterprise kernel No 7.4 Local High None None Unchanged High High High 7
CVE-2020-7788 Oracle Linux nodejs:16 Yes 7.3 Network Low None None Unchanged Low Low Low 8
CVE-2020-25719 Oracle Linux idm:DL1 No 7.2 Network Low High None Unchanged High High High 8
CVE-2020-25719 Oracle Linux ipa No 7.2 Network Low High None Unchanged High High High 7
CVE-2016-2124 Oracle Linux samba No 6.8 Network High Low None Unchanged High High None 7
CVE-2016-2124 Oracle Linux samba No 6.8 Network High Low None Unchanged High High None 8
CVE-2021-42739 Oracle Linux kernel No 6.7 Local Low High None Unchanged High High High 7
CVE-2021-4104 Oracle Linux log4j No 6.6 Network High High None Unchanged High High High 7
CVE-2021-3677 Oracle Linux postgresql:12 No 6.5 Network Low Low None Unchanged High None None 8
CVE-2021-3677 Oracle Linux postgresql:13 No 6.5 Network Low Low None Unchanged High None None 8
CVE-2022-22739 Oracle Linux firefox Yes 6.3 Network Low None Required Unchanged Low Low Low 7,8
CVE-2022-22739 Oracle Linux thunderbird Yes 6.3 Network Low None Required Unchanged Low Low Low 7,8
CVE-2020-25704 Oracle Linux kernel No 6.2 Local Low None None Unchanged None None High 7
CVE-2022-22745 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2022-22748 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2021-22959 Oracle Linux nodejs:16 Yes 6.1 Network Low None Required Changed Low Low None 8
CVE-2021-22960 Oracle Linux nodejs:16 Yes 6.1 Network Low None Required Changed Low Low None 8
CVE-2022-22745 Oracle Linux thunderbird Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2022-22748 Oracle Linux thunderbird Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2021-4155 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged High None None 7,8
CVE-2021-4155 Oracle Linux Unbreakable Enterprise kernel-container No 5.5 Local Low Low None Unchanged High None None 7,8
CVE-2021-20321 Oracle Linux kernel No 5.5 Local Low Low None Unchanged None None High 8
CVE-2021-4155 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged High None None 7
CVE-2021-44717 Oracle Linux go-toolset:ol8 Yes 4.8 Network High None None Unchanged Low Low None 8
CVE-2021-23192 Oracle Linux samba Yes 4.8 Network High None None Unchanged Low Low None 8
CVE-2022-22747 Oracle Linux firefox Yes 4.3 Network Low None Required Unchanged None None Low 7,8
CVE-2022-22747 Oracle Linux thunderbird Yes 4.3 Network Low None Required Unchanged None None Low 7,8
CVE-2021-3592 Oracle Linux qemu No 3.8 Local Low Low None Changed Low None None 7
CVE-2021-3593 Oracle Linux qemu No 3.8 Local Low Low None Changed Low None None 7
CVE-2021-3594 Oracle Linux qemu No 3.8 Local Low Low None Changed Low None None 7
CVE-2021-3595 Oracle Linux qemu No 3.8 Local Low Low None Changed Low None None 7
CVE-2021-20257 Oracle Linux qemu No 3.2 Local Low High None Changed None None Low 7
CVE-2021-3930 Oracle Linux qemu No 3.2 Local Low High None Changed None None Low 7
CVE-2021-20257 Oracle Linux virt:ol and virt-devel:rhel No 3.2 Local Low High None Changed None None Low 8
CVE-2021-3930 Oracle Linux virt:ol and virt-devel:rhel No 3.2 Local Low High None Changed None None Low 8
CVE-2020-29129 Oracle Linux qemu No 2.5 Local High High None Changed Low None None 7
CVE-2020-29130 Oracle Linux qemu No 2.5 Local High High None Changed Low None None 7