Enterprise Linux Server Security Vulnerabilities and Issues — Enterprise Linux Server CVE List

Lucene search

RedhatEnterprise Linux Server

9 matches found

CVE•added 2015/03/30 10:59 a.m.•275 views

CVE-2015-2787

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an ...

7.5CVSS8.1AI score0.81778EPSS

CVE•added 2015/03/30 10:59 a.m.•261 views

CVE-2015-2301

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name o...

7.5CVSS7.9AI score0.16344EPSS

CVE•added 2015/03/30 10:59 a.m.•231 views

CVE-2015-2348

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...

5CVSS7.4AI score0.02435EPSS

CVE•added 2015/03/02 11:59 a.m.•125 views

CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disal...

5CVSS5.7AI score0.02449EPSS

CVE•added 2015/03/02 11:59 a.m.•116 views

CVE-2015-0239

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SY...

4.4CVSS5.7AI score0.00101EPSS

CVE•added 2015/03/18 4:59 p.m.•86 views

CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home direct...

4.4CVSS6.3AI score0.0011EPSS

CVE•added 2015/03/09 12:59 a.m.•72 views

CVE-2015-1228

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (app...

7.5CVSS6.7AI score0.01073EPSS

CVE•added 2015/03/09 12:59 a.m.•68 views

CVE-2015-1231

Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.6AI score0.01158EPSS

CVE•added 2015/03/09 12:59 a.m.•64 views

CVE-2015-1229

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.

5CVSS6AI score0.00317EPSS