Redhat

Enterprise Linux Server Aus

1056 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2016-5386

  • EPSS 60.15%
  • Veröffentlicht 19.07.2016 02:00:18
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which mi...

5.5

CVE-2016-4470

  • EPSS 0.06%
  • Veröffentlicht 27.06.2016 10:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a craft...

7.8

CVE-2016-0758

  • EPSS 0.15%
  • Veröffentlicht 27.06.2016 10:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.

8.1

CVE-2016-3698

  • EPSS 2.06%
  • Veröffentlicht 13.06.2016 19:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity d...

8.8

CVE-2016-2818

  • EPSS 0.4%
  • Veröffentlicht 13.06.2016 10:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

10

CVE-2016-4448

  • EPSS 1.2%
  • Veröffentlicht 09.06.2016 16:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

7.1

CVE-2016-2150

  • EPSS 0.07%
  • Veröffentlicht 09.06.2016 16:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

10

CVE-2016-0749

  • EPSS 15.98%
  • Veröffentlicht 09.06.2016 16:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

7.8

CVE-2016-5126

  • EPSS 0.26%
  • Veröffentlicht 01.06.2016 22:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

6.5

CVE-2016-4020

  • EPSS 0.09%
  • Veröffentlicht 25.05.2016 15:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).