Enterprise Linux Server Tus
by Red Hat
CVEs (290)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9584 | 0.00 | — | 0.00 | Jan 9, 2015 | The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660… | |||
| CVE-2014-9529 | 0.00 | — | 0.00 | Jan 9, 2015 | Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key… | |||
| CVE-2014-5353 | 0.00 | — | 0.05 | Dec 16, 2014 | The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with… | |||
| CVE-2014-8567 | 0.00 | — | 0.04 | Nov 14, 2014 | The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data. | |||
| CVE-2014-3615 | 0.00 | — | 0.00 | Nov 1, 2014 | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | |||
| CVE-2014-5077 | 0.00 | — | 0.06 | Aug 1, 2014 | The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints… | |||
| CVE-2014-5045 | 0.00 | — | 0.00 | Aug 1, 2014 | The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory… | |||
| CVE-2014-4656 | 0.00 | — | 0.01 | Jul 3, 2014 | Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid… | |||
| CVE-2014-3469 | 0.00 | — | 0.04 | Jun 5, 2014 | The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. | |||
| CVE-2014-3468 | 0.00 | — | 0.04 | Jun 5, 2014 | The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. | |||
| CVE-2014-2440 | 0.00 | — | 0.05 | Apr 16, 2014 | Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2014-2438 | 0.00 | — | 0.03 | Apr 16, 2014 | Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication. | |||
| CVE-2014-2436 | 0.00 | — | 0.04 | Apr 16, 2014 | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR. | |||
| CVE-2014-2432 | 0.00 | — | 0.03 | Apr 16, 2014 | Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated. | |||
| CVE-2014-2431 | 0.00 | — | 0.05 | Apr 16, 2014 | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options. | |||
| CVE-2014-2430 | 0.00 | — | 0.03 | Apr 16, 2014 | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema. | |||
| CVE-2014-2419 | 0.00 | — | 0.04 | Apr 16, 2014 | Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. | |||
| CVE-2014-0384 | 0.00 | — | 0.03 | Apr 16, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML. | |||
| CVE-2014-0101 | 0.00 | — | 0.07 | Mar 11, 2014 | The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer… | |||
| CVE-2014-0069 | 0.00 | — | 0.00 | Feb 28, 2014 | The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial… |
- CVE-2014-9584Jan 9, 2015risk 0.00cvss —epss 0.00
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660…
- CVE-2014-9529Jan 9, 2015risk 0.00cvss —epss 0.00
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key…
- CVE-2014-5353Dec 16, 2014risk 0.00cvss —epss 0.05
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with…
- CVE-2014-8567Nov 14, 2014risk 0.00cvss —epss 0.04
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
- CVE-2014-3615Nov 1, 2014risk 0.00cvss —epss 0.00
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
- CVE-2014-5077Aug 1, 2014risk 0.00cvss —epss 0.06
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints…
- CVE-2014-5045Aug 1, 2014risk 0.00cvss —epss 0.00
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory…
- CVE-2014-4656Jul 3, 2014risk 0.00cvss —epss 0.01
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid…
- CVE-2014-3469Jun 5, 2014risk 0.00cvss —epss 0.04
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
- CVE-2014-3468Jun 5, 2014risk 0.00cvss —epss 0.04
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
- CVE-2014-2440Apr 16, 2014risk 0.00cvss —epss 0.05
Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
- CVE-2014-2438Apr 16, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
- CVE-2014-2436Apr 16, 2014risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.
- CVE-2014-2432Apr 16, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.
- CVE-2014-2431Apr 16, 2014risk 0.00cvss —epss 0.05
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
- CVE-2014-2430Apr 16, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
- CVE-2014-2419Apr 16, 2014risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
- CVE-2014-0384Apr 16, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
- CVE-2014-0101Mar 11, 2014risk 0.00cvss —epss 0.07
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer…
- CVE-2014-0069Feb 28, 2014risk 0.00cvss —epss 0.00
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial…
Page 14 of 15