Enterprise Linux Server Security Vulnerabilities and Issues — Enterprise Linux Server CVE List

Lucene search

RedhatEnterprise Linux Server

8 matches found

CVE•added 2014/12/16 6:59 p.m.•99 views

CVE-2014-8964

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

5CVSS8.4AI score0.02089EPSS

CVE•added 2014/12/12 3:59 p.m.•91 views

CVE-2014-7840

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

7.5CVSS7.1AI score0.02455EPSS

CVE•added 2014/12/16 11:59 p.m.•79 views

CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demo...

3.5CVSS6.4AI score0.00458EPSS

CVE•added 2014/12/19 3:59 p.m.•76 views

CVE-2014-8136

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

2.1CVSS7.1AI score0.00131EPSS

CVE•added 2014/12/18 3:59 p.m.•75 views

CVE-2014-3580

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

5CVSS8.7AI score0.11576EPSS

CVE•added 2014/12/18 3:59 p.m.•69 views

CVE-2014-8108

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

5CVSS8.7AI score0.04433EPSS

CVE•added 2014/12/08 4:59 p.m.•66 views

CVE-2014-9273

lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.

4.6CVSS7.1AI score0.00179EPSS

CVE•added 2014/12/25 9:59 p.m.•52 views

CVE-2014-7300

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a...

7.2CVSS7.2AI score0.00044EPSS