Redhat

Enterprise Linux Eus

778 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2016-7163

Exploit
  • EPSS 0.34%
  • Published 21.09.2016 14:25:28
  • Last modified 12.04.2025 10:46:40

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

5.9

CVE-2016-2775

  • EPSS 34.23%
  • Published 19.07.2016 22:59:00
  • Last modified 12.04.2025 10:46:40

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight reso...

8.1

CVE-2016-5387

  • EPSS 77.5%
  • Published 19.07.2016 02:00:19
  • Last modified 12.04.2025 10:46:40

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an app...

7.8

CVE-2016-5126

  • EPSS 0.2%
  • Published 01.06.2016 22:59:08
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

6.5

CVE-2016-4020

  • EPSS 0.06%
  • Published 25.05.2016 15:59:04
  • Last modified 12.04.2025 10:46:40

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

7.5

CVE-2016-3627

  • EPSS 0.29%
  • Published 17.05.2016 14:08:02
  • Last modified 12.04.2025 10:46:40

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML doc...

5.9

CVE-2015-3152

Exploit
  • EPSS 32.48%
  • Published 16.05.2016 10:59:01
  • Last modified 12.04.2025 10:46:40

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade at...

5.5

CVE-2016-3718

Warning
  • EPSS 79.25%
  • Published 05.05.2016 18:59:08
  • Last modified 12.04.2025 10:46:40

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

5.8

CVE-2016-3715

Warning Exploit
  • EPSS 79.8%
  • Published 05.05.2016 18:59:04
  • Last modified 12.04.2025 10:46:40

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

10

CVE-2016-3427

Warning
  • EPSS 93.75%
  • Published 21.04.2016 11:00:21
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.