Enterprise Linux Server Aus@5.6 Security Vulnerabilities and Issues — Enterprise Linux Server Aus@5.6 CVE List

Lucene search

RedhatEnterprise Linux Server Aus5.6

10 matches found

CVE•added 2014/09/24 6:48 p.m.•2730 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cg...

10CVSS9.9AI score0.9422EPSS

CVE•added 2012/05/11 10:15 a.m.•1642 views

CVE-2012-1823

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

9.8CVSS9.9AI score0.94386EPSS

CVE•added 2014/09/25 1:55 a.m.•1238 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the F...

10CVSS8.4AI score0.9422EPSS

CVE•added 2011/03/01 11:0 p.m.•117 views

CVE-2011-0711

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

2.1CVSS5.8AI score0.00055EPSS

CVE•added 2011/09/06 4:55 p.m.•112 views

CVE-2011-1776

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or ob...

6.1CVSS7.2AI score0.00123EPSS

CVE•added 2011/02/18 8:0 p.m.•108 views

CVE-2010-4649

Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.

6.9CVSS6.6AI score0.00069EPSS

CVE•added 2018/07/27 7:29 p.m.•102 views

CVE-2017-2634

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the...

7.8CVSS7.1AI score0.03662EPSS

CVE•added 2011/02/18 8:0 p.m.•100 views

CVE-2011-1044

The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially fil...

2.1CVSS5.4AI score0.00069EPSS

CVE•added 2011/04/10 2:51 a.m.•92 views

CVE-2011-1163

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

2.1CVSS7.5AI score0.00108EPSS

CVE•added 2011/03/15 5:55 p.m.•86 views

CVE-2011-0695

Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid point...

5.7CVSS6.2AI score0.00442EPSS