Enterprise Linux Server Security Vulnerabilities and Issues — Enterprise Linux Server CVE List

Lucene search

RedhatEnterprise Linux Server

10 matches found

CVE•added 2016/07/19 2:0 a.m.•1415 views

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary ...

8.1CVSS8AI score0.71301EPSS

CVE•added 2016/07/19 10:59 p.m.•444 views

CVE-2016-2775

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

5.9CVSS5.7AI score0.34225EPSS

CVE•added 2016/07/19 2:0 a.m.•326 views

CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traf...

8.1CVSS8AI score0.81569EPSS

CVE•added 2016/07/23 7:59 p.m.•294 views

CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

8.8CVSS7.8AI score0.04288EPSS

CVE•added 2016/07/19 2:0 a.m.•254 views

CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an a...

8.1CVSS6.8AI score0.6601EPSS

CVE•added 2016/07/21 10:14 a.m.•147 views

CVE-2016-5440

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.

4.9CVSS5.5AI score0.00644EPSS

CVE•added 2016/07/19 2:0 a.m.•110 views

CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI appl...

8.1CVSS7.7AI score0.87615EPSS

CVE•added 2016/07/21 10:14 a.m.•107 views

CVE-2016-5444

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

4.3CVSS4.6AI score0.04192EPSS

CVE•added 2016/07/03 9:59 p.m.•100 views

CVE-2016-1704

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8CVSS8.7AI score0.00802EPSS

CVE•added 2016/07/12 7:59 p.m.•66 views

CVE-2016-5009

The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

6.5CVSS6.1AI score0.01361EPSS