Redhat

Enterprise Linux Server Tus

765 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2018-6574

Exploit
  • EPSS 31.64%
  • Veröffentlicht 07.02.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:10:55

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not bloc...

8.8

CVE-2018-6560

  • EPSS 0.09%
  • Veröffentlicht 02.02.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 04:10:54

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in...

7.8

CVE-2018-1000001

Exploit
  • EPSS 44.63%
  • Veröffentlicht 31.01.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:23

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

5.5

CVE-2018-5750

  • EPSS 0.04%
  • Veröffentlicht 26.01.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:18

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

7.5

CVE-2018-5748

  • EPSS 1.63%
  • Veröffentlicht 25.01.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:18

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

6

CVE-2018-5683

Exploit
  • EPSS 0.09%
  • Veröffentlicht 23.01.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:09

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

6.1

CVE-2018-5950

Exploit
  • EPSS 2.43%
  • Veröffentlicht 23.01.2018 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:09:44

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

4.3

CVE-2018-2663

  • EPSS 0.12%
  • Veröffentlicht 18.01.2018 02:29:22
  • Zuletzt bearbeitet 21.11.2024 04:04:11

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploit...

6.8

CVE-2018-2665

  • EPSS 0.41%
  • Veröffentlicht 18.01.2018 02:29:22
  • Zuletzt bearbeitet 21.11.2024 04:04:11

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged at...

6.8

CVE-2018-2668

  • EPSS 0.31%
  • Veröffentlicht 18.01.2018 02:29:22
  • Zuletzt bearbeitet 21.11.2024 04:04:11

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged at...