VYPR

Enterprise Linux Server

by Red Hat

CVEs (1,624)

  • CVE-2014-4039Jun 17, 2014
    risk 0.00cvss epss 0.00

    ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and…

  • CVE-2014-4038Jun 17, 2014
    risk 0.00cvss epss 0.00

    ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.

  • CVE-2014-0186Jun 14, 2014
    risk 0.00cvss epss 0.02

    A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.

  • CVE-2014-0249Jun 11, 2014
    risk 0.00cvss epss 0.00

    The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.

  • CVE-2014-3469Jun 5, 2014
    risk 0.00cvss epss 0.04

    The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

  • CVE-2014-3468Jun 5, 2014
    risk 0.00cvss epss 0.04

    The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

  • CVE-2014-3940Jun 5, 2014
    risk 0.00cvss epss 0.00

    The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via…

  • CVE-2014-3917Jun 5, 2014
    risk 0.00cvss epss 0.00

    kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.

  • CVE-2014-0189May 2, 2014
    risk 0.00cvss epss 0.00

    virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.

  • CVE-2014-0181Apr 27, 2014
    risk 0.00cvss epss 0.01

    The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink…

  • CVE-2014-0150Apr 18, 2014
    risk 0.00cvss epss 0.01

    Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.

  • CVE-2014-2440Apr 16, 2014
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

  • CVE-2014-2438Apr 16, 2014
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

  • CVE-2014-2436Apr 16, 2014
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.

  • CVE-2014-2432Apr 16, 2014
    risk 0.00cvss epss 0.03

    Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.

  • CVE-2014-2431Apr 16, 2014
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.

  • CVE-2014-2430Apr 16, 2014
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.

  • CVE-2014-2419Apr 16, 2014
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

  • CVE-2014-0384Apr 16, 2014
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.

  • CVE-2011-3346Apr 1, 2014
    risk 0.00cvss epss 0.00

    Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a…

Page 61 of 82