VYPR

Enterprise Linux Desktop

by Red Hat

CVEs (999)

  • CVE-2016-5388HigJul 19, 2016
    risk 0.50cvss 8.1epss 0.51

    Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote…

  • CVE-2009-4272HigJan 27, 2010
    risk 0.50cvss 7.5epss 0.11

    A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing…

  • CVE-2004-0079HigNov 23, 2004
    risk 0.50cvss 7.5epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2017-1000410HigDec 7, 2017
    risk 0.49cvss 7.5epss 0.04

    The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their…

  • CVE-2017-5068HigOct 27, 2017
    risk 0.49cvss 7.5epss 0.01

    Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.

  • CVE-2017-10388HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with…

  • CVE-2017-1000115HigOct 5, 2017
    risk 0.49cvss 7.5epss 0.05

    Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

  • CVE-2015-3405HigAug 9, 2017
    risk 0.49cvss 7.5epss 0.05

    ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the…

  • CVE-2017-10115HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-10067HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.03

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to…

  • CVE-2015-7701HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.07

    Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2015-7692HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.07

    The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

  • CVE-2015-7691HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.07

    The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for…

  • CVE-2017-10664HigAug 2, 2017
    risk 0.49cvss 7.5epss 0.04

    qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.

  • CVE-2015-7703HigJul 24, 2017
    risk 0.49cvss 7.5epss 0.04

    The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote…

  • CVE-2015-5300HigJul 21, 2017
    risk 0.49cvss 7.5epss 0.09

    The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up…

  • CVE-2017-10978HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.03

    An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

  • CVE-2017-1000050HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.03

    JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

  • CVE-2016-5416HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.03

    389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control…

  • CVE-2016-4992HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.02

    389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component…

Page 15 of 50