This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2012-03-22
Product Enterprise Linux Server Aus Last view 2019-04-09
Version 6.2 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux_server_aus

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2019-04-09 CVE-2017-3139

A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

7.5 2019-01-16 CVE-2017-3137

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.

8 2017-09-12 CVE-2017-1000251

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

7.8 2017-06-19 CVE-2017-1000366

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

7.5 2016-11-02 CVE-2016-8864

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

7.1 2014-08-01 CVE-2014-5077

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.

6.9 2014-07-19 CVE-2014-4943

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

7.2 2014-06-07 CVE-2014-3153

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

4.3 2012-07-18 CVE-2012-0867

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

7.5 2012-06-21 CVE-2012-1149

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

1.2 2012-06-13 CVE-2012-2313

The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.

9.3 2012-06-05 CVE-2012-1938

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.

6.5 2012-06-05 CVE-2012-1798

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

5.5 2012-06-05 CVE-2012-0248

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

8.8 2012-06-05 CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

6.8 2012-03-22 CVE-2011-3045

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

CWE : Common Weakness Enumeration

%idName
20% (3) CWE-617 Reachable Assertion
13% (2) CWE-269 Improper Privilege Management
13% (2) CWE-20 Improper Input Validation
6% (1) CWE-787 Out-of-bounds Write
6% (1) CWE-476 NULL Pointer Dereference
6% (1) CWE-295 Certificate Issues
6% (1) CWE-264 Permissions, Privileges, and Access Controls
6% (1) CWE-190 Integer Overflow or Wraparound
6% (1) CWE-189 Numeric Errors
6% (1) CWE-125 Out-of-bounds Read
6% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

SAINT Exploits

Description Link
Linux kernel futex_requeue privilege elevation More info here

ExploitDB Exploits

id Description
35370 Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-09-18 Name : Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)
File : nvt/deb_2462_2.nasl
2013-09-18 Name : Debian Security Advisory DSA 2439-1 (libpng - buffer overflow)
File : nvt/deb_2439_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2427-1 (imagemagick - several vulnerabilities)
File : nvt/deb_2427_1.nasl
2012-12-24 Name : OpenOffice Multiple Buffer Overflow Vulnerabilities - Dec12 (Windows)
File : nvt/gb_openoffice_mult_bof_vuln_dec12_win.nasl
2012-12-24 Name : LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Windows)
File : nvt/gb_libreoffice_graphic_object_bof_vuln_win.nasl
2012-12-24 Name : LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Mac OS X)
File : nvt/gb_libreoffice_graphic_object_bof_vuln_macosx.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,)
File : nvt/gb_suse_2012_0760_1.nasl
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0466-1 (update)
File : nvt/gb_suse_2012_0466_1.nasl
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-24 (PostgreSQL)
File : nvt/glsa_201209_24.nasl
2012-09-27 Name : RedHat Update for kernel RHSA-2012:1304-01
File : nvt/gb_RHSA-2012_1304-01_kernel.nasl
2012-09-27 Name : CentOS Update for kernel CESA-2012:1304 centos6
File : nvt/gb_CESA-2012_1304_kernel_centos6.nasl
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-05 (libreoffice)
File : nvt/glsa_201209_05.nasl
2012-09-10 Name : Slackware Advisory SSA:2012-206-01 libpng
File : nvt/esoft_slk_ssa_2012_206_01.nasl
2012-08-30 Name : Fedora Update for libpng10 FEDORA-2012-3507
File : nvt/gb_fedora_2012_3507_libpng10_fc17.nasl
2012-08-30 Name : Fedora Update for postgresql FEDORA-2012-12156
File : nvt/gb_fedora_2012_12156_postgresql_fc16.nasl
2012-08-30 Name : Fedora Update for postgresql FEDORA-2012-2508
File : nvt/gb_fedora_2012_2508_postgresql_fc17.nasl
2012-08-30 Name : Fedora Update for libpng FEDORA-2012-3605
File : nvt/gb_fedora_2012_3605_libpng_fc17.nasl
2012-08-30 Name : Debian Security Advisory DSA 2487-1 (openoffice.org)
File : nvt/deb_2487_1.nasl
2012-08-24 Name : CentOS Update for kernel CESA-2012:1174 centos5
File : nvt/gb_CESA-2012_1174_kernel_centos5.nasl
2012-08-24 Name : RedHat Update for kernel RHSA-2012:1174-01
File : nvt/gb_RHSA-2012_1174-01_kernel.nasl
2012-08-14 Name : Ubuntu Update for linux-ti-omap4 USN-1530-1
File : nvt/gb_ubuntu_USN_1530_1.nasl
2012-08-14 Name : Fedora Update for libreoffice FEDORA-2012-11402
File : nvt/gb_fedora_2012_11402_libreoffice_fc16.nasl
2012-08-10 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox68.nasl
2012-08-10 Name : FreeBSD Ports: ImageMagick
File : nvt/freebsd_ImageMagick7.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-15 (libpng)
File : nvt/glsa_201206_15.nasl

Snort® IPS/IDS

Date Description
2019-12-05 ISC BIND DHCP client DNAME resource record parsing denial of service attempt
RuleID : 52078 - Type : SERVER-OTHER - Revision : 1
2017-06-06 ISC BIND unexpected DNAME CNAME ordering denial of service attempt
RuleID : 42458 - Type : PROTOCOL-DNS - Revision : 2
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25351 - Type : FILE-IMAGE - Revision : 2
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25350 - Type : FILE-IMAGE - Revision : 2
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25349 - Type : FILE-IMAGE - Revision : 2
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25348 - Type : FILE-IMAGE - Revision : 9
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25347 - Type : FILE-IMAGE - Revision : 8
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25346 - Type : FILE-IMAGE - Revision : 9
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 25066 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 25065 - Type : FILE-IMAGE - Revision : 5
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22109 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22108 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22107 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22106 - Type : FILE-IMAGE - Revision : 11
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22105 - Type : FILE-IMAGE - Revision : 12
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22104 - Type : FILE-IMAGE - Revision : 11
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21990 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21989 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21988 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21987 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21986 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21985 - Type : FILE-IMAGE - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0022.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0023.nasl - Type: ACT_GATHER_INFO
2018-05-24 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL20486351.nasl - Type: ACT_GATHER_INFO
2018-02-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1285.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3659.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0174.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3657.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3658.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0173.nasl - Type: ACT_GATHER_INFO
2017-11-21 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZA-2017-086.nasl - Type: ACT_GATHER_INFO
2017-11-16 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1245.nasl - Type: ACT_GATHER_INFO
2017-10-27 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-914.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa_10826.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2930-1.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2792-1.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2793-1.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2796-1.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2797-1.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2769-1.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2770-1.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2771-1.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2772-1.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2773-1.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2774-1.nasl - Type: ACT_GATHER_INFO