This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2015-01-09
Product Enterprise Linux Server Eus Last view 2020-01-31
Version 7.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux_server_eus

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2020-01-31 CVE-2014-8141

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8 2020-01-31 CVE-2014-8140

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8 2020-01-31 CVE-2014-8139

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

6.5 2020-01-14 CVE-2015-3147

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

7.5 2017-08-07 CVE-2015-7704

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

5.5 2017-07-25 CVE-2015-3149

The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

7.5 2017-07-21 CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

7.1 2016-06-07 CVE-2015-5261

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

7.8 2016-06-07 CVE-2015-5260

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

9.8 2016-05-16 CVE-2015-4643

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.

7.5 2016-05-16 CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

7.5 2016-05-16 CVE-2015-4604

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

9.8 2016-05-16 CVE-2015-4603

The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

9.8 2016-05-16 CVE-2015-4602

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

9.8 2016-05-16 CVE-2015-4601

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

9.8 2016-05-16 CVE-2015-4600

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.

9.8 2016-05-16 CVE-2015-4599

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

6.5 2016-05-16 CVE-2015-4598

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.

5.3 2016-05-16 CVE-2015-3412

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.

6.5 2016-05-16 CVE-2015-3411

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.

4.7 2016-05-02 CVE-2015-4170

Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.

4 2015-07-16 CVE-2015-2582

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

5 2015-07-06 CVE-2015-3281

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

7.5 2015-07-02 CVE-2015-0192

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

5 2015-06-09 CVE-2015-4148

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.

CWE : Common Weakness Enumeration

%idName
27% (12) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
18% (8) CWE-20 Improper Input Validation
9% (4) CWE-189 Numeric Errors
6% (3) CWE-787 Out-of-bounds Write
6% (3) CWE-125 Out-of-bounds Read
6% (3) CWE-19 Data Handling
4% (2) CWE-362 Race Condition
4% (2) CWE-264 Permissions, Privileges, and Access Controls
4% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
2% (1) CWE-476 NULL Pointer Dereference
2% (1) CWE-399 Resource Management Errors
2% (1) CWE-361 Time and State
2% (1) CWE-254 Security Features
2% (1) CWE-200 Information Exposure

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0155 Multiple Vulnerabilities in Oracle MySQL Product Suite
Severity: Category I - VMSKEY: V0061083

Snort® IPS/IDS

Date Description
2017-10-24 PHP form-based file upload DoS attempt
RuleID : 44390 - Type : SERVER-WEBAPP - Revision : 2
2016-12-20 NTP origin timestamp denial of service attempt
RuleID : 40811 - Type : SERVER-OTHER - Revision : 4
2015-10-06 PHP phar_parse_tarfile method integer overflow attempt
RuleID : 35940 - Type : SERVER-WEBAPP - Revision : 3
2015-10-06 Microsoft System.Uri heap corruption attempt
RuleID : 35858 - Type : FILE-OTHER - Revision : 4
2015-08-11 PHP core compressed file temp_len buffer overflow attempt
RuleID : 35093 - Type : SERVER-OTHER - Revision : 3
2015-08-11 PHP core compressed file temp_len buffer overflow attempt
RuleID : 35092 - Type : SERVER-OTHER - Revision : 2
2015-08-04 PHP php_parse_metadata heap corruption attempt
RuleID : 35041 - Type : SERVER-WEBAPP - Revision : 2
2015-08-04 PHP php_parse_metadata heap corruption attempt
RuleID : 35040 - Type : SERVER-WEBAPP - Revision : 2
2015-07-28 PHP SoapClient __call method type confusion attempt
RuleID : 34983 - Type : SERVER-WEBAPP - Revision : 2
2015-05-12 PHP unserialize and __wakeup use after free attempt
RuleID : 34054 - Type : SERVER-OTHER - Revision : 2
2015-05-12 PHP unserialize and __wakeup use after free attempt
RuleID : 34053 - Type : SERVER-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-05-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO
2017-10-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1201.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by a data...
File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2016-1028.nasl - Type: ACT_GATHER_INFO
2017-04-03 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0057.nasl - Type: ACT_GATHER_INFO
2017-02-01 Name: The remote host is affected by multiple vulnerabilities.
File: citrix_xenserver_CTX220112.nasl - Type: ACT_GATHER_INFO
2017-01-26 Name: The version of PHP running on the remote web server is affected by multiple v...
File: php_7_0_15.nasl - Type: ACT_GATHER_INFO
2016-11-02 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-01.nasl - Type: ACT_GATHER_INFO
2016-10-12 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201610-06.nasl - Type: ACT_GATHER_INFO
2016-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL17049.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1912-1.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201607-15.nasl - Type: ACT_GATHER_INFO
2016-07-13 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-1395.nasl - Type: ACT_GATHER_INFO
2016-07-05 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-823.nasl - Type: ACT_GATHER_INFO
2016-07-05 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-824.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-17.nasl - Type: ACT_GATHER_INFO
2016-06-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-10.nasl - Type: ACT_GATHER_INFO
2016-06-17 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-05.nasl - Type: ACT_GATHER_INFO
2016-06-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1559-1.nasl - Type: ACT_GATHER_INFO
2016-06-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1568-1.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-649.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2016-0082.nasl - Type: ACT_GATHER_INFO
2016-05-31 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16900.nasl - Type: ACT_GATHER_INFO