VYPR

Enterprise Linux Server

by Red Hat

CVEs (1,623)

  • CVE-2023-3773 · Med · Jul 25, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential…

  • CVE-2023-3772 · Med · Jul 25, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial…

  • CVE-2014-8181 · Med · Nov 6, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for the SG_IO buffer, which may leak sensitive information to userspace.

  • CVE-2016-3695 · Med · Dec 29, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.

  • CVE-2017-15121 · Med · Dec 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

  • CVE-2017-15116 · Med · Nov 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).

  • CVE-2017-3157 · Med · Nov 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.03

    By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information,…

  • CVE-2015-3149 · Med · Jul 25, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

  • CVE-2016-5410 · Med · Apr 19, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.

  • CVE-2017-6011 · Med · Feb 16, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.

  • CVE-2017-6010 · Med · Feb 16, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.

  • CVE-2017-6009 · Med · Feb 16, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the…

  • CVE-2016-2518 · Med · Jan 30, 2017
    risk 0.36 · cvss 5.3 · epss 0.15

    The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

  • CVE-2016-5824 · Med · Jan 27, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

  • CVE-2016-7796 · Med · Oct 13, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.

  • CVE-2016-5403 · Med · Aug 2, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

  • CVE-2016-4470 · Med · Jun 27, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

  • CVE-2016-3712 · Med · May 11, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

  • CVE-2015-1350 · Med · May 2, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a…

  • CVE-2016-0666 · Med · Apr 21, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
