VYPR

Enterprise Linux Eus

by Red Hat

Source repositories

CVEs (668)

  • CVE-2016-5126HigJun 1, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

  • CVE-2016-2109HigMay 5, 2016
    risk 0.51cvss 7.5epss 0.29

    The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

  • CVE-2016-2106HigMay 5, 2016
    risk 0.51cvss 7.5epss 0.27

    Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

  • CVE-2017-10309HigOct 19, 2017
    risk 0.50cvss 7.1epss 0.09

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.…

  • CVE-2017-10661HigAug 19, 2017
    risk 0.50cvss 7.0epss 0.13

    Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.

  • CVE-2015-7704HigAug 7, 2017
    risk 0.50cvss 7.5epss 0.11

    The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

  • CVE-2016-8743HigJul 27, 2017
    risk 0.50cvss 7.5epss 0.13

    Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or…

  • CVE-2017-3309HigApr 24, 2017
    risk 0.50cvss 7.7epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network…

  • CVE-2017-3308HigApr 24, 2017
    risk 0.50cvss 7.7epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access…

  • CVE-2016-7426HigJan 13, 2017
    risk 0.50cvss 7.5epss 0.12

    NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

  • CVE-2016-5388HigJul 19, 2016
    risk 0.50cvss 8.1epss 0.51

    Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote…

  • CVE-2009-4272HigJan 27, 2010
    risk 0.50cvss 7.5epss 0.11

    A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing…

  • CVE-2017-1000410HigDec 7, 2017
    risk 0.49cvss 7.5epss 0.04

    The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their…

  • CVE-2017-10388HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with…

  • CVE-2017-1000115HigOct 5, 2017
    risk 0.49cvss 7.5epss 0.05

    Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

  • CVE-2017-10115HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-10067HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.03

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to…

  • CVE-2015-7701HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.07

    Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2015-7692HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.07

    The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

  • CVE-2015-7691HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.07

    The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for…

Page 8 of 34