VYPR

Enterprise Linux Server Aus

by Red Hat

CVEs (435)

  • CVE-2017-10110CriAug 8, 2017
    risk 0.63cvss 9.6epss 0.02

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java…

  • CVE-2017-10107CriAug 8, 2017
    risk 0.63cvss 9.6epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2017-10101CriAug 8, 2017
    risk 0.63cvss 9.6epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2017-10096CriAug 8, 2017
    risk 0.63cvss 9.6epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2017-10090CriAug 8, 2017
    risk 0.63cvss 9.6epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2017-10089CriAug 8, 2017
    risk 0.63cvss 9.6epss 0.02

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…

  • CVE-2017-10087CriAug 8, 2017
    risk 0.63cvss 9.6epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2016-2108CriMay 5, 2016
    risk 0.63cvss 9.8epss 0.78

    The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

  • CVE-2015-7547HigFeb 18, 2016
    risk 0.63cvss 8.1epss 0.90

    Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS…

  • CVE-2017-9462HigJun 6, 2017
    risk 0.62cvss 8.8epss 0.22

    In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

  • CVE-2014-3153HigKEVJun 7, 2014
    risk 0.62cvss 7.8epss 0.37

    The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

  • CVE-2022-0492HigKEVMar 3, 2022
    risk 0.61cvss 7.8epss 0.06

    A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation…

  • CVE-2012-2034HigKEVJun 9, 2012
    risk 0.61cvss 7.5epss 0.08

    Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows…

  • CVE-2017-10102CriAug 8, 2017
    risk 0.59cvss 9.0epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network…

  • CVE-2014-1508CriMar 19, 2014
    risk 0.59cvss 9.1epss 0.04

    The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read…

  • CVE-2017-0903CriOct 11, 2017
    risk 0.58cvss 9.8epss 0.16

    RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

  • CVE-2017-1000083HigSep 5, 2017
    risk 0.58cvss 7.8epss 0.50

    backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a…

  • CVE-2017-0899CriAug 31, 2017
    risk 0.58cvss 9.8epss 0.11

    RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

  • CVE-2016-2818HigJun 13, 2016
    risk 0.58cvss 8.8epss 0.04

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2016-3069HigApr 13, 2016
    risk 0.58cvss 8.8epss 0.05

    Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

Page 4 of 22