VYPR

Enterprise Linux Eus

by Red Hat

Source repositories

CVEs (668)

  • CVE-2013-1943HigJul 16, 2013
    risk 0.44cvss 7.8epss 0.00

    The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory…

  • CVE-2024-12087MedJan 14, 2025
    risk 0.43cvss 6.5epss 0.02

    A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive`…

  • CVE-2024-12085HigJan 14, 2025
    risk 0.43cvss 7.5epss 0.09

    A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a…

  • CVE-2017-16541MedNov 4, 2017
    risk 0.43cvss 6.5epss 0.04

    Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

  • CVE-2017-10378MedOct 19, 2017
    risk 0.43cvss 6.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2015-7702MedAug 7, 2017
    risk 0.43cvss 6.5epss 0.05

    The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

  • CVE-2017-9775MedJun 22, 2017
    risk 0.43cvss 6.5epss 0.04

    Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

  • CVE-2017-9461MedJun 6, 2017
    risk 0.43cvss 6.5epss 0.04

    smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

  • CVE-2017-9287MedMay 29, 2017
    risk 0.43cvss 6.5epss 0.07

    servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

  • CVE-2017-3600MedApr 24, 2017
    risk 0.43cvss 6.6epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network…

  • CVE-2017-3244MedJan 27, 2017
    risk 0.43cvss 6.5epss 0.04

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2017-3238MedJan 27, 2017
    risk 0.43cvss 6.5epss 0.05

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2016-5626MedOct 25, 2016
    risk 0.43cvss 6.5epss 0.06

    Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

  • CVE-2016-5624MedOct 25, 2016
    risk 0.43cvss 6.5epss 0.05

    Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

  • CVE-2016-5612MedOct 25, 2016
    risk 0.43cvss 6.5epss 0.03

    Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

  • CVE-2016-3492MedOct 25, 2016
    risk 0.43cvss 6.5epss 0.07

    Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

  • CVE-2016-2775MedJul 19, 2016
    risk 0.43cvss 5.9epss 0.63

    ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

  • CVE-2015-4598MedMay 16, 2016
    risk 0.43cvss 6.5epss 0.04

    PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD…

  • CVE-2015-3411MedMay 16, 2016
    risk 0.43cvss 6.5epss 0.03

    PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the…

  • CVE-2014-1523MedApr 30, 2014
    risk 0.43cvss 6.5epss 0.03

    Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG…

Page 11 of 34