VYPR

Enterprise Linux Workstation

by Red Hat

CVEs (891)

  • CVE-2017-11215CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access --…

  • CVE-2017-11213CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.07

    An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an…

  • CVE-2017-14746CriNov 27, 2017
    risk 0.64cvss 9.8epss 0.10

    Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

  • CVE-2017-1000116CriOct 5, 2017
    risk 0.64cvss 9.8epss 0.06

    Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

  • CVE-2017-14064CriAug 31, 2017
    risk 0.64cvss 9.8epss 0.09

    Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of…

  • CVE-2017-9788CriJul 13, 2017
    risk 0.64cvss 9.1epss 0.57

    In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment…

  • CVE-2016-7050CriJun 8, 2017
    risk 0.64cvss 9.8epss 0.05

    SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.

  • CVE-2016-5405CriJun 8, 2017
    risk 0.64cvss 9.8epss 0.03

    389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.

  • CVE-2016-9843CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.06

    The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

  • CVE-2016-9841CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.07

    inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

  • CVE-2017-5205CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.04

    The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().

  • CVE-2017-5204CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.06

    The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().

  • CVE-2017-5203CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.04

    The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().

  • CVE-2017-5202CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.04

    The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

  • CVE-2016-9636CriJan 27, 2017
    risk 0.64cvss 9.8epss 0.09

    Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond…

  • CVE-2016-9635CriJan 27, 2017
    risk 0.64cvss 9.8epss 0.09

    Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond…

  • CVE-2016-9634CriJan 27, 2017
    risk 0.64cvss 9.8epss 0.09

    Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.

  • CVE-2014-8241CriDec 14, 2016
    risk 0.64cvss 9.8epss 0.03

    XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

  • CVE-2016-5408CriAug 10, 2016
    risk 0.64cvss 9.8epss 0.04

    Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an…

  • CVE-2016-4448CriJun 9, 2016
    risk 0.64cvss 9.8epss 0.07

    Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Page 4 of 45