This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Redhat
Product: Enterprise Linux Eus
Version: 7.7
Type: Os
First view: 2014-06-05
Last view: 2020-01-15
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:o:redhat:enterprise_linux_eus

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
8.1 2020-01-15 CVE-2020-2604

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

7.4 2019-10-14 CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

7.3 2019-08-20 CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.

8.1 2019-07-16 CVE-2019-13616

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

8.2 2018-06-13 CVE-2018-11806

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.

9.8 2018-03-20 CVE-2018-8088

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.

7.5 2017-08-02 CVE-2017-10664

qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.

4.6 2017-04-11 CVE-2016-5011

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

7.5 2017-02-09 CVE-2017-5848

The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.

7.5 2017-01-23 CVE-2016-9446

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

7.5 2017-01-12 CVE-2016-9131

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

7.5 2016-11-02 CVE-2016-8864

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

5.9 2016-07-19 CVE-2016-2775

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

7.8 2016-06-01 CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

6.5 2016-05-25 CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

8.4 2016-04-11 CVE-2016-2857

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

6.5 2016-02-12 CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

5.3 2016-02-12 CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

8.6 2016-01-12 CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

7.5 2015-11-12 CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

5 2015-03-31 CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

3.5 2014-12-16 CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

7.5 2014-12-12 CVE-2014-7840

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

5 2014-11-14 CVE-2014-7815

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

2.1 2014-11-01 CVE-2014-3615

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

CWE : Common Weakness Enumeration

% id Name
17% (4) CWE-125 Out-of-bounds Read
17% (4) CWE-20 Improper Input Validation
8% (2) CWE-787 Out-of-bounds Write
8% (2) CWE-476 NULL Pointer Dereference
4% (1) CWE-772 Missing Release of Resource after Effective Lifetime
4% (1) CWE-665 Improper Initialization
4% (1) CWE-617 Reachable Assertion
4% (1) CWE-502 Deserialization of Untrusted Data
4% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
4% (1) CWE-295 Certificate Issues
4% (1) CWE-200 Information Exposure
4% (1) CWE-131 Incorrect Calculation of Buffer Size
4% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
4% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089

Snort® IPS/IDS

Date Description
2019-12-05 ISC BIND DHCP client DNAME resource record parsing denial of service attempt
RuleID : 52078 - Type : SERVER-OTHER - Revision : 1
2017-04-12 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 41907 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37916 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37915 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37914 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37913 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37912 - Type : POLICY-OTHER - Revision : 3
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37026 - Type : POLICY-OTHER - Revision : 4
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37025 - Type : POLICY-OTHER - Revision : 4
2015-10-01 QEMU VNC set-pixel-format memory corruption attempt
RuleID : 35851 - Type : SERVER-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-74fb8b257b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8b0ad602be.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1313.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1314.nasl - Type: ACT_GATHER_INFO
2018-09-19 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1073.nasl - Type: ACT_GATHER_INFO
2018-09-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1073.nasl - Type: ACT_GATHER_INFO
2018-08-21 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2462.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0011.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1159.nasl - Type: ACT_GATHER_INFO
2018-05-02 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1092.nasl - Type: ACT_GATHER_INFO
2018-05-02 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1093.nasl - Type: ACT_GATHER_INFO
2018-04-20 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-999.nasl - Type: ACT_GATHER_INFO
2018-03-30 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a4353f97db.nasl - Type: ACT_GATHER_INFO
2018-03-30 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a46b358764.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0592.nasl - Type: ACT_GATHER_INFO
2018-02-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1265.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-908f063bb6.nasl - Type: ACT_GATHER_INFO
2018-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL15552.nasl - Type: ACT_GATHER_INFO
2017-12-04 Name: The remote host is missing a vendor-supplied security patch.
File: check_point_gaia_sk106499.nasl - Type: ACT_GATHER_INFO
2017-11-27 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-3084-1.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2327-2.nasl - Type: ACT_GATHER_INFO
2017-11-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2963-1.nasl - Type: ACT_GATHER_INFO
2017-11-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2969-1.nasl - Type: ACT_GATHER_INFO
2017-11-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2946-1.nasl - Type: ACT_GATHER_INFO