VYPR

Enterprise Linux Server

by Red Hat

CVEs (1,624)

  • CVE-2016-0720 · High · Apr 21, 2017
    risk 0.50 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

  • CVE-2016-7426 · High · Jan 13, 2017
    risk 0.50 · cvss 7.5 · epss 0.12

    NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

  • CVE-2016-5388 · High · Jul 19, 2016
    risk 0.50 · cvss 8.1 · epss 0.51

    Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote…

  • CVE-2011-3191 · High · May 24, 2012
    risk 0.50 · cvss 8.8 · epss 0.01

    Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read…

  • CVE-2009-4272 · High · Jan 27, 2010
    risk 0.50 · cvss 7.5 · epss 0.11

    A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing…

  • CVE-2004-0079 · High · Nov 23, 2004
    risk 0.50 · cvss 7.5 · epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2026-9064 · High · May 20, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of…

  • CVE-2026-5201 · High · Mar 31, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user…

  • CVE-2026-3497 · High · Mar 12, 2026
    risk 0.49 · cvss 7.5 · epss 0.02

    Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does…

  • CVE-2025-7424 · High · Jul 10, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may…

  • CVE-2025-26465 · Medium · Feb 18, 2025
    risk 0.49 · cvss 6.8 · epss 0.07

    A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when…

  • CVE-2023-50781 · High · Feb 5, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

  • CVE-2023-52356 · High · Jan 25, 2024
    risk 0.49 · cvss 7.5 · epss 0.02

    A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

  • CVE-2023-39198 · High · Nov 9, 2023
    risk 0.49 · cvss 7.5 · epss 0.00

    A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the…

  • CVE-2023-4154 · High · Nov 7, 2023
    risk 0.49 · cvss 7.5 · epss 0.01

    A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes,…

  • CVE-2023-5824 · High · Nov 3, 2023
    risk 0.49 · cvss 7.5 · epss 0.05

    A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is…

  • CVE-2023-5557 · High · Oct 13, 2023
    risk 0.49 · cvss 7.5 · epss 0.01

    A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.

  • CVE-2023-5157 · High · Sep 27, 2023
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

  • CVE-2023-5156 · High · Sep 25, 2023
    risk 0.49 · cvss 7.5 · epss 0.01

    A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

  • CVE-2023-39417 · High · Aug 11, 2023
    risk 0.49 · cvss 7.5 · epss 0.02

    IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension,…
