This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2007-03-29
Product Enterprise Linux Eus Last view 2020-10-07
Version Type Os
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:* 83
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* 42
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* 38
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:* 38
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* 36
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* 36
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* 25
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:* 21
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* 20
cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:* 16
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:* 11
cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:* 11
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:* 8
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:* 7
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:* 5
cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:* 3
cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:* 3
cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:* 2
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* 2
cpe:2.3:o:redhat:enterprise_linux_eus:5.9.z:*:server:*:*:*:*:* 1
cpe:2.3:o:redhat:enterprise_linux_eus:5.6.z:*:server:*:*:*:*:* 1
cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:* 1
cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:* 1
cpe:2.3:o:redhat:enterprise_linux_eus:5.2:*:*:*:*:*:*:* 1
cpe:2.3:o:redhat:enterprise_linux_eus:4.6:*:*:*:*:*:*:* 1
cpe:2.3:o:redhat:enterprise_linux_eus:4.5:*:*:*:*:*:*:* 1

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.6 2020-10-07 CVE-2020-14355

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.

6 2020-07-31 CVE-2020-14311

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

6 2020-07-31 CVE-2020-14310

There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.

9.8 2020-02-07 CVE-2019-15606

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

6.5 2020-01-17 CVE-2019-19339

It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change.

3.7 2020-01-15 CVE-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.7 2020-01-15 CVE-2020-2654

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

8.1 2020-01-15 CVE-2020-2604

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

6.8 2020-01-15 CVE-2020-2601

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

4.8 2020-01-15 CVE-2020-2593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

3.7 2020-01-15 CVE-2020-2590

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

3.7 2020-01-15 CVE-2020-2583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

8.8 2020-01-14 CVE-2020-0603

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.

7.5 2020-01-14 CVE-2020-0602

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

6.5 2019-12-13 CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

8.1 2019-12-13 CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

6.5 2019-12-13 CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

9.1 2019-10-17 CVE-2019-17631

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.

7.4 2019-10-14 CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

7.5 2019-09-30 CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

8.8 2019-09-19 CVE-2019-14821

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

7.8 2019-09-17 CVE-2019-14835

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

7.3 2019-08-20 CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

8.1 2019-07-16 CVE-2019-13616

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

7.5 2019-06-18 CVE-2019-11478

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
20% (38) CWE-416 Use After Free
10% (19) CWE-787 Out-of-bounds Write
8% (16) CWE-20 Improper Input Validation
6% (13) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (12) CWE-200 Information Exposure
5% (11) CWE-190 Integer Overflow or Wraparound
5% (11) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
4% (9) CWE-125 Out-of-bounds Read
3% (7) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
3% (6) CWE-476 NULL Pointer Dereference
3% (6) CWE-269 Improper Privilege Management
2% (4) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (4) CWE-362 Race Condition
1% (2) CWE-415 Double Free
1% (2) CWE-346 Origin Validation Error
1% (2) CWE-295 Certificate Issues
1% (2) CWE-287 Improper Authentication
1% (2) CWE-264 Permissions, Privileges, and Access Controls
1% (2) CWE-122 Heap-based Buffer Overflow
1% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (1) CWE-772 Missing Release of Resource after Effective Lifetime
0% (1) CWE-754 Improper Check for Unusual or Exceptional Conditions
0% (1) CWE-665 Improper Initialization
0% (1) CWE-617 Reachable Assertion

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:8349 Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "PerlR...
oval:org.mitre.oval:def:10987 PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl ...
oval:org.mitre.oval:def:21702 ELSA-2007:0395: mod_perl security update (Low)
oval:org.mitre.oval:def:10719 The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2...
oval:org.mitre.oval:def:9905 QEMU 0.9.0 does not properly handle changes to removable media, which allows ...
oval:org.mitre.oval:def:7873 DSA-1799 qemu -- several vulnerabilities
oval:org.mitre.oval:def:11182 The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth....
oval:org.mitre.oval:def:22656 ELSA-2008:0885: kernel security and bug fix update (Important)
oval:org.mitre.oval:def:9600 The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on ...
oval:org.mitre.oval:def:8508 VMware kernel audit_syscall_entry function vulnerability
oval:org.mitre.oval:def:9409 The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the...
oval:org.mitre.oval:def:6757 Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
oval:org.mitre.oval:def:7359 Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure ...
oval:org.mitre.oval:def:10823 arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 p...
oval:org.mitre.oval:def:7101 Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
oval:org.mitre.oval:def:20189 VMware hosted product updates, ESX patches and VI Client update resolve multi...
oval:org.mitre.oval:def:12862 ESX third party update for Service Console kernel
oval:org.mitre.oval:def:10989 Array index error in the gdth_read_event function in drivers/scsi/gdth.c in t...
oval:org.mitre.oval:def:11916 Double free vulnerability in Google Chrome before 8.0.552.215 via vectors rel...
oval:org.mitre.oval:def:20528 VMware ESXi and ESX updates to third party library and ESX Service Console
oval:org.mitre.oval:def:20550 VMware ESXi and ESX updates to third party library and ESX Service Console
oval:org.mitre.oval:def:20437 VMware ESXi and ESX updates to third party library and ESX Service Console
oval:org.mitre.oval:def:20263 VMware ESXi and ESX updates to third party library and ESX Service Console
oval:org.mitre.oval:def:19700 VMware ESXi and ESX updates to third party library and ESX Service Console
oval:org.mitre.oval:def:14116 USN-1146-1 -- linux vulnerabilities

SAINT Exploits

Description Link
Linux Dirty COW Local File Overwrite More info here
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78225 Linux Kernel net/ipv4/igmp.c igmp_heard_query() Function IGMP Query Parsing R...
75652 Qt src/3rdparty/harfbuzz/src/harfbuzz-gpos.c Font Handling Overflow
74695 Google Chrome Double Free Unspecified libxml XPath Handling Issue
74653 Linux Kernel net/ipv4/inet_diag.c inet_diag_bc_audit() Function Local DoS
73882 Linux Kernel DCCP net/dccp/input.c dccp_rcv_state_process Function CLOSED End...
73460 Linux Kernel Bluetooth net/bluetooth/rfcomm/sock.c rfcomm_sock_getsockopt_old...
73459 Linux Kernel Bluetooth net/bluetooth/l2cap_sock.c l2cap_sock_getsockopt_old()...
73046 Linux Kernel fs/partitions/osf.c osf_partition Function Partition Table Parsi...
73045 Linux Kernel drivers/char/agp/generic.c agp_generic_remove_memory Function AG...
73043 Linux Kernel drivers/char/agp/generic.c Multiple Function Memory Page Call Lo...
73042 Linux Kernel drivers/char/agp/generic.c agp_generic_insert_memory Function AG...
72993 Linux Kernel drivers/infiniband/core/uverbs_cmd.c ib_uverbs_poll_cq Function ...
71992 Linux Kernel kernel/pid.c next_pidmap() Function Local DoS
71653 Linux Kernel rt_*sigqueueinfo() Functions SI_TKILL Signal Spoofing
71649 Linux Kernel drivers/infiniband/core/uverbs_cmd.c ib_uverbs_poll_cq Function ...
71480 Linux Kernel cm_work_handler() Function InfiniBand Request Handling DoS
69673 Google Chrome XPath Handling Double-free Remote DoS
60311 Linux Kernel drivers/scsi/gdth.c gdth_read_event() Function IOCTL Handling Lo...
59082 Linux Kernel on x86_64 arch/x86/ia32/ia32entry.S 64-bit Mode ia32 Process Loc...
59070 Linux Kernel tc Subsystem net/sched/sch_api.c tc_fill_tclass Function Local M...
57821 Linux Kernel net/sched/sch_api.c tc_fill_tclass() Function Kernel Memory Disc...
52461 Linux Kernel 32bit/64bit audit_syscall_entry Function 32/64 Bit Syscall Cross...
52201 Linux Kernel syscall Filtering 32/64-bit Switching Bypass
48798 QEMU -usbdevice Option diskformat: Parameter Host OS Arbitrary File Access
47362 Linux Kernel snd_seq_oss_synth_make_info() Function Local Information Disclosure

ExploitDB Exploits

id Description
33516 Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition...
18378 Linux IGMP Remote Denial Of Service (Introduced in linux-2.6.36)

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-09-18 Name : Debian Security Advisory DSA 2389-1 (linux-2.6 - privilege escalation/denial ...
File : nvt/deb_2389_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2427-1 (imagemagick - several vulnerabilities)
File : nvt/deb_2427_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)
File : nvt/deb_2462_2.nasl
2013-09-18 Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2553_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities)
File : nvt/deb_2581_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2583_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities)
File : nvt/deb_2584_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities)
File : nvt/deb_2588_1.nasl
2012-12-31 Name : Fedora Update for libtiff FEDORA-2012-20404
File : nvt/gb_fedora_2012_20404_libtiff_fc16.nasl
2012-12-31 Name : Fedora Update for libtiff FEDORA-2012-20446
File : nvt/gb_fedora_2012_20446_libtiff_fc17.nasl
2012-12-26 Name : CentOS Update for libtiff CESA-2012:1590 centos5
File : nvt/gb_CESA-2012_1590_libtiff_centos5.nasl
2012-12-26 Name : CentOS Update for libtiff CESA-2012:1590 centos6
File : nvt/gb_CESA-2012_1590_libtiff_centos6.nasl
2012-12-26 Name : RedHat Update for libtiff RHSA-2012:1590-01
File : nvt/gb_RHSA-2012_1590-01_libtiff.nasl
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,)
File : nvt/gb_suse_2012_0760_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1064_1.nasl
2012-12-13 Name : SuSE Update for qemu openSUSE-SU-2012:1170-1 (qemu)
File : nvt/gb_suse_2012_1170_1.nasl
2012-12-13 Name : SuSE Update for Security openSUSE-SU-2012:1172-1 (Security)
File : nvt/gb_suse_2012_1172_1.nasl
2012-12-13 Name : SuSE Update for Security openSUSE-SU-2012:1174-1 (Security)
File : nvt/gb_suse_2012_1174_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1345_1.nasl
2012-12-13 Name : SuSE Update for Mozilla Suite openSUSE-SU-2012:1412-1 (Mozilla Suite)
File : nvt/gb_suse_2012_1412_1.nasl
2012-12-13 Name : SuSE Update for XEN openSUSE-SU-2012:1572-1 (XEN)
File : nvt/gb_suse_2012_1572_1.nasl
2012-12-06 Name : CentOS Update for kernel CESA-2012:1540 centos5
File : nvt/gb_CESA-2012_1540_kernel_centos5.nasl
2012-12-06 Name : RedHat Update for kernel RHSA-2012:1540-01
File : nvt/gb_RHSA-2012_1540-01_kernel.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2014-A-0064 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0050011
2014-A-0043 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0046769
2014-A-0021 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0043921
2013-A-0233 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042596
2013-B-0044 MIT Kerberos Denial of Service Vulnerabilities
Severity: Category I - VMSKEY: V0037773
2012-A-0153 Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity: Category I - VMSKEY: V0033884
2012-A-0148 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0033794
2012-A-0020 Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity: Category I - VMSKEY: V0031252
2011-A-0075 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0028311
2010-A-0015 Multiple Vulnerabilities in Red Hat Linux Kernel
Severity: Category I - VMSKEY: V0022631
2010-A-0001 Multiple Vulnerabilities in Linux Kernel
Severity: Category I - VMSKEY: V0022180

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-12-05 ISC BIND DHCP client DNAME resource record parsing denial of service attempt
RuleID : 52078 - Type : SERVER-OTHER - Revision : 1
2019-09-24 MIT Kerberos kpasswd UDP denial of service attempt
RuleID : 51212 - Type : SERVER-OTHER - Revision : 1
2018-01-18 Multiple browser pressure function denial of service attempt
RuleID : 45206 - Type : BROWSER-FIREFOX - Revision : 3
2018-01-10 Multiple products non-ascii sender address spoofing attempt
RuleID : 45119 - Type : SERVER-MAIL - Revision : 3
2018-01-10 Multiple products non-ascii sender address spoofing attempt
RuleID : 45118 - Type : SERVER-MAIL - Revision : 3
2018-01-10 Multiple products non-ascii sender address spoofing attempt
RuleID : 45116 - Type : SERVER-MAIL - Revision : 4
2018-01-10 Multiple products non-ascii sender address spoofing attempt
RuleID : 45115 - Type : SERVER-MAIL - Revision : 4
2017-04-12 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 41907 - Type : POLICY-OTHER - Revision : 3
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40566 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40565 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40564 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40563 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40562 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40561 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40560 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40543 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40542 - Type : OS-LINUX - Revision : 2
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37916 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37915 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37914 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37913 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37912 - Type : POLICY-OTHER - Revision : 3
2016-03-15 Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt
RuleID : 37654 - Type : OS-LINUX - Revision : 2
2016-03-15 Mozilla Firefox IDL fragment privilege escalation attempt
RuleID : 37626 - Type : BROWSER-FIREFOX - Revision : 2
2016-03-14 Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt
RuleID : 37408 - Type : OS-LINUX - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-0edb45d9db.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-44f8a7454d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-46d7a7f63e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-527698a904.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-5453baa4af.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5521156807.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-74fb8b257b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8b0ad602be.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8f0df2c366.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-db0d3e157e.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1432.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201812-07.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3651.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO
2018-11-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2831.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2885.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1382.nasl - Type: ACT_GATHER_INFO
2018-11-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1578.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1103.nasl - Type: ACT_GATHER_INFO