This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2015-01-09
Product Enterprise Linux Server Eus Last view 2020-01-31
Version 7.2 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux_server_eus

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2020-01-31 CVE-2014-8141

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8 2020-01-31 CVE-2014-8140

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8 2020-01-31 CVE-2014-8139

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

6.5 2020-01-14 CVE-2015-3147

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

7.8 2020-01-14 CVE-2014-7844

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

7.5 2019-01-16 CVE-2017-3137

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.

7.5 2018-08-06 CVE-2018-5390

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

7.3 2018-06-11 CVE-2018-5144

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

9.8 2018-06-11 CVE-2017-7818

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

9.1 2018-06-11 CVE-2017-7758

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

6.5 2018-03-11 CVE-2014-8130

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

8.8 2018-03-11 CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.

7.8 2017-11-06 CVE-2015-7529

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

9.8 2017-10-18 CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

9.8 2017-10-18 CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."

8 2017-09-12 CVE-2017-1000251

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

9.1 2017-07-13 CVE-2017-9788

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

7.8 2017-06-19 CVE-2017-1000366

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

5.5 2016-09-21 CVE-2016-7166

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

6.5 2016-09-21 CVE-2016-5844

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

7.5 2016-09-21 CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

7.5 2016-09-21 CVE-2016-4809

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

7.8 2016-09-21 CVE-2016-4302

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

7.8 2016-09-21 CVE-2016-4300

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

5.5 2016-08-02 CVE-2016-5403

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

CWE : Common Weakness Enumeration

%idName
18% (12) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (8) CWE-20 Improper Input Validation
9% (6) CWE-200 Information Exposure
7% (5) CWE-787 Out-of-bounds Write
7% (5) CWE-284 Access Control (Authorization) Issues
6% (4) CWE-125 Out-of-bounds Read
4% (3) CWE-416 Use After Free
4% (3) CWE-190 Integer Overflow or Wraparound
3% (2) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
3% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (2) CWE-399 Resource Management Errors
3% (2) CWE-362 Race Condition
3% (2) CWE-189 Numeric Errors
3% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (1) CWE-617 Reachable Assertion
1% (1) CWE-369 Divide By Zero
1% (1) CWE-310 Cryptographic Issues
1% (1) CWE-264 Permissions, Privileges, and Access Controls
1% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (1) CWE-19 Data Handling
1% (1) CWE-17 Code

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0155 Multiple Vulnerabilities in Oracle MySQL Product Suite
Severity: Category I - VMSKEY: V0061083

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-08-31 Apache mod_auth_digest out of bounds read attempt
RuleID : 43790 - Type : SERVER-OTHER - Revision : 2
2017-06-06 ISC BIND unexpected DNAME CNAME ordering denial of service attempt
RuleID : 42458 - Type : PROTOCOL-DNS - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41902 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41901 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41900 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41899 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41898 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41897 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41894 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41893 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41892 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41891 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41890 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41889 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41888 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41887 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41886 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41885 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41884 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41883 - Type : SERVER-OTHER - Revision : 1
2017-04-06 ImageMagick mvg processing command server side request forgery attempt
RuleID : 41809 - Type : FILE-IMAGE - Revision : 2
2017-04-06 ImageMagick mvg processing command server side request forgery attempt
RuleID : 41808 - Type : FILE-IMAGE - Revision : 2
2016-07-28 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2
2016-08-31 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2
2016-05-25 libarchive RAR RestartModel out of bounds write attempt
RuleID : 39046 - Type : FILE-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL95343321.nasl - Type: ACT_GATHER_INFO
2018-12-05 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0101.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2831.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2885.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-13.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1345.nasl - Type: ACT_GATHER_INFO
2018-10-25 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1322.nasl - Type: ACT_GATHER_INFO
2018-10-03 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201810-01.nasl - Type: ACT_GATHER_INFO
2018-09-04 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1278.nasl - Type: ACT_GATHER_INFO
2018-09-04 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1279.nasl - Type: ACT_GATHER_INFO
2018-08-31 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-063.nasl - Type: ACT_GATHER_INFO
2018-08-20 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-055.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0011.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0010.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0022.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0023.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0027.nasl - Type: ACT_GATHER_INFO
2018-08-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1466.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2384.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2390.nasl - Type: ACT_GATHER_INFO
2018-08-07 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1050.nasl - Type: ACT_GATHER_INFO
2018-08-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1049.nasl - Type: ACT_GATHER_INFO
2018-08-07 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4266.nasl - Type: ACT_GATHER_INFO