This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2014-10-22
Product Enterprise Linux Server Eus Last view 2020-01-31
Version 7.4 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux_server_eus

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2020-01-31 CVE-2014-8141

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8 2020-01-31 CVE-2014-8140

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8 2020-01-31 CVE-2014-8139

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

6.5 2020-01-14 CVE-2015-3147

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

7.8 2020-01-14 CVE-2014-7844

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

7.8 2019-11-04 CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

7.8 2019-11-04 CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.5 2019-01-16 CVE-2018-5733

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

7.5 2019-01-16 CVE-2017-3145

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

7.5 2019-01-16 CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

5.9 2019-01-16 CVE-2017-3143

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

3.7 2019-01-16 CVE-2017-3142

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

7.5 2019-01-16 CVE-2017-3137

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.

5.9 2019-01-16 CVE-2017-3136

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.

5.9 2019-01-16 CVE-2017-3135

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.

7.8 2019-01-11 CVE-2018-16864

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

5.5 2018-12-12 CVE-2018-18397

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.

6.5 2018-10-31 CVE-2016-2125

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

7.8 2018-09-10 CVE-2016-7035

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.

7.5 2018-09-06 CVE-2018-5391

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

7.5 2018-08-30 CVE-2018-14622

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.

5.5 2018-08-20 CVE-2015-5160

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

7.5 2018-08-06 CVE-2018-5390

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

7.8 2018-08-01 CVE-2016-9583

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

8.1 2018-08-01 CVE-2016-9573

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
20% (46) CWE-416 Use After Free
18% (42) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (25) CWE-20 Improper Input Validation
7% (17) CWE-787 Out-of-bounds Write
6% (15) CWE-200 Information Exposure
6% (15) CWE-125 Out-of-bounds Read
3% (8) CWE-190 Integer Overflow or Wraparound
2% (5) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (4) CWE-362 Race Condition
1% (4) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (3) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
0% (2) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (2) CWE-617 Reachable Assertion
0% (2) CWE-502 Deserialization of Untrusted Data
0% (2) CWE-476 NULL Pointer Dereference
0% (2) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
0% (2) CWE-346 Origin Validation Error
0% (2) CWE-320 Key Management Errors
0% (2) CWE-254 Security Features
0% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
0% (2) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
0% (1) CWE-772 Missing Release of Resource after Effective Lifetime
0% (1) CWE-770 Allocation of Resources Without Limits or Throttling
0% (1) CWE-755 Improper Handling of Exceptional Conditions

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0155 Multiple Vulnerabilities in Oracle MySQL Product Suite
Severity: Category I - VMSKEY: V0061083

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-04-30 Unix systemd-journald memory corruption attempt
RuleID : 49618 - Type : FILE-OTHER - Revision : 1
2019-04-30 Unix systemd-journald memory corruption attempt
RuleID : 49617 - Type : FILE-OTHER - Revision : 1
2018-11-10 libvorbis VORBIS audio data out of bounds write attempt
RuleID : 48106 - Type : FILE-MULTIMEDIA - Revision : 1
2018-11-10 libvorbis VORBIS audio data out of bounds write attempt
RuleID : 48105 - Type : FILE-MULTIMEDIA - Revision : 1
2018-09-18 LibreOffice WEBSERVICE arbitrary file disclosure attempt
RuleID : 47566 - Type : FILE-OFFICE - Revision : 1
2018-09-18 LibreOffice WEBSERVICE arbitrary file disclosure attempt
RuleID : 47565 - Type : FILE-OFFICE - Revision : 1
2018-06-26 Ruby Net FTP library command injection attempt
RuleID : 46791 - Type : SERVER-WEBAPP - Revision : 2
2018-02-20 ISC DHCPD remote denial of service attempt
RuleID : 45499 - Type : SERVER-OTHER - Revision : 4
2018-02-20 Mozilla Firefox HTTP index format out of bounds read attempt
RuleID : 45476 - Type : BROWSER-FIREFOX - Revision : 2
2017-09-26 tcpdump ISAKMP parser buffer overflow attempt
RuleID : 44161 - Type : SERVER-OTHER - Revision : 2
2017-09-26 tcpdump ISAKMP parser buffer overflow attempt
RuleID : 44160 - Type : SERVER-OTHER - Revision : 2
2017-08-31 Apache mod_auth_digest out of bounds read attempt
RuleID : 43790 - Type : SERVER-OTHER - Revision : 3
2017-07-27 Mozilla Firefox domFuzzLite3 table use after free attempt
RuleID : 43347 - Type : BROWSER-FIREFOX - Revision : 2
2017-07-27 Mozilla Firefox domFuzzLite3 table use after free attempt
RuleID : 43346 - Type : BROWSER-FIREFOX - Revision : 2
2017-06-06 ISC BIND unexpected DNAME CNAME ordering denial of service attempt
RuleID : 42458 - Type : PROTOCOL-DNS - Revision : 2
2016-12-02 Mozilla Firefox ESR NotifyTimeChange use after free attempt
RuleID : 40896-community - Type : BROWSER-FIREFOX - Revision : 3
2017-01-04 Mozilla Firefox ESR NotifyTimeChange use after free attempt
RuleID : 40896 - Type : BROWSER-FIREFOX - Revision : 3
2016-12-01 Mozilla Firefox ESR NotifyTimeChange use after free attempt
RuleID : 40888-community - Type : BROWSER-FIREFOX - Revision : 3
2017-01-04 Mozilla Firefox ESR NotifyTimeChange use after free attempt
RuleID : 40888 - Type : BROWSER-FIREFOX - Revision : 3
2016-12-29 OpenSSL SSLv3 warning denial of service attempt
RuleID : 40843 - Type : SERVER-OTHER - Revision : 3
2016-12-20 NTP origin timestamp denial of service attempt
RuleID : 40811 - Type : SERVER-OTHER - Revision : 4
2016-10-25 Multiple SQL products privilege escalation attempt
RuleID : 40254 - Type : SERVER-MYSQL - Revision : 2
2016-10-25 Multiple SQL products privilege escalation attempt
RuleID : 40253 - Type : SERVER-MYSQL - Revision : 2
2016-03-14 NTP arbitrary pidfile and driftfile overwrite attempt
RuleID : 37526 - Type : SERVER-OTHER - Revision : 3
2016-03-14 NTP arbitrary pidfile and driftfile overwrite attempt
RuleID : 37525 - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2019-0049.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4367.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Fedora host is missing a security update.
File: fedora_2019-18b3a10c7f.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1141.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-44f8a7454d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-527698a904.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5521156807.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-db0d3e157e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-def329f680.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ed8d7c62c9.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL95343321.nasl - Type: ACT_GATHER_INFO
2018-12-05 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0101.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1679.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1759.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2831.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2885.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-13.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1378.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1379.nasl - Type: ACT_GATHER_INFO
2018-11-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1580.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3083.nasl - Type: ACT_GATHER_INFO