Redhat

Enterprise Linux Server Tus

765 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2018-16511

  • EPSS 0.37%
  • Published 05.09.2018 06:29:00
  • Last modified 21.11.2024 03:52:52

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.

7.8

CVE-2018-15911

  • EPSS 2.7%
  • Published 28.08.2018 04:29:00
  • Last modified 21.11.2024 03:51:42

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.

7.8

CVE-2018-15909

  • EPSS 2.27%
  • Published 27.08.2018 17:29:00
  • Last modified 21.11.2024 03:51:41

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

5.5

CVE-2015-5160

  • EPSS 0.15%
  • Published 20.08.2018 21:29:00
  • Last modified 21.11.2024 02:32:28

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

8.8

CVE-2018-10873

  • EPSS 1.27%
  • Published 17.08.2018 12:29:00
  • Last modified 21.11.2024 03:42:11

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its p...

7.8

CVE-2018-5390

  • EPSS 3.92%
  • Published 06.08.2018 20:29:01
  • Last modified 21.11.2024 04:08:43

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

7.8

CVE-2016-9583

Exploit
  • EPSS 0.32%
  • Published 01.08.2018 17:29:00
  • Last modified 21.11.2024 03:01:26

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

5.9

CVE-2016-8635

  • EPSS 0.44%
  • Published 01.08.2018 13:29:00
  • Last modified 21.11.2024 02:59:43

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired g...

5.5

CVE-2017-18344

Exploit
  • EPSS 10.16%
  • Published 26.07.2018 19:29:00
  • Last modified 21.11.2024 03:19:53

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID...

4.3

CVE-2018-2952

  • EPSS 0.06%
  • Published 18.07.2018 13:29:02
  • Last modified 21.11.2024 04:04:49

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult t...