Enterprise Linux Server Tus Security Vulnerabilities and Issues — Enterprise Linux Server Tus CVE List

Lucene search

RedhatEnterprise Linux Server Tus

15 matches found

CVE•added 2016/05/05 6:59 p.m.•1044 views

CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

5.8CVSS6.3AI score0.88973EPSS

CVE•added 2016/05/05 6:59 p.m.•1040 views

CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

5.5CVSS6.7AI score0.87335EPSS

CVE•added 2016/05/16 10:59 a.m.•510 views

CVE-2015-4643

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because o...

9.8CVSS8.9AI score0.06362EPSS

CVE•added 2016/05/16 10:59 a.m.•225 views

CVE-2015-3152

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

5.9CVSS5.6AI score0.56556EPSS

CVE•added 2016/05/23 10:59 a.m.•188 views

CVE-2016-4578

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinter...

5.5CVSS5.9AI score0.00178EPSS

CVE•added 2016/05/20 10:59 a.m.•144 views

CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.4AI score0.03399EPSS

CVE•added 2016/05/11 9:59 p.m.•134 views

CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

8.8CVSS8.7AI score0.00086EPSS

CVE•added 2016/05/20 10:59 a.m.•113 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML do...

9.3CVSS8.6AI score0.01714EPSS

CVE•added 2016/05/20 10:59 a.m.•106 views

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr...

7.8CVSS8.6AI score0.0103EPSS

CVE•added 2016/05/20 10:59 a.m.•105 views

CVE-2016-1837

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a cr...

5.5CVSS6.6AI score0.00412EPSS

CVE•added 2016/05/20 10:59 a.m.•103 views

CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.00399EPSS

CVE•added 2016/05/20 10:59 a.m.•101 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.03485EPSS

CVE•added 2016/05/20 10:59 a.m.•99 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.00847EPSS

CVE•added 2016/05/11 9:59 p.m.•98 views

CVE-2016-3712

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

5.5CVSS6.4AI score0.00138EPSS

CVE•added 2016/05/25 3:59 p.m.•86 views

CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

6.5CVSS6.4AI score0.00085EPSS