Redhat

Enterprise Linux Server

1890 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2018-1000001

Exploit
  • EPSS 44.63%
  • Published 31.01.2018 14:29:00
  • Last modified 21.11.2024 03:39:23

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

5.5

CVE-2018-5750

  • EPSS 0.04%
  • Published 26.01.2018 19:29:00
  • Last modified 21.11.2024 04:09:18

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

7.5

CVE-2018-5748

  • EPSS 1.63%
  • Published 25.01.2018 16:29:00
  • Last modified 21.11.2024 04:09:18

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

9.8

CVE-2018-1000007

  • EPSS 2.93%
  • Published 24.01.2018 22:29:00
  • Last modified 21.11.2024 03:39:24

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow r...

6

CVE-2018-5683

Exploit
  • EPSS 0.09%
  • Published 23.01.2018 18:29:00
  • Last modified 21.11.2024 04:09:09

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

6.1

CVE-2018-5950

Exploit
  • EPSS 2.43%
  • Published 23.01.2018 16:29:01
  • Last modified 21.11.2024 04:09:44

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

9.8

CVE-2016-6814

  • EPSS 2.8%
  • Published 18.01.2018 18:29:00
  • Last modified 21.11.2024 02:56:53

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible f...

4.3

CVE-2018-2663

  • EPSS 0.11%
  • Published 18.01.2018 02:29:22
  • Last modified 21.11.2024 04:04:11

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploit...

6.8

CVE-2018-2665

  • EPSS 0.41%
  • Published 18.01.2018 02:29:22
  • Last modified 21.11.2024 04:04:11

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged at...

6.8

CVE-2018-2668

  • EPSS 0.31%
  • Published 18.01.2018 02:29:22
  • Last modified 21.11.2024 04:04:11

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged at...