Enterprise Linux@7.0 Security Vulnerabilities and Issues — Enterprise Linux@7.0 CVE List

Lucene search

RedhatEnterprise Linux7.0

10 matches found

CVE•added 2014/09/24 6:48 p.m.•2728 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cg...

10CVSS9.9AI score0.9422EPSS

CVE•added 2014/09/25 1:55 a.m.•1237 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the F...

10CVSS8.4AI score0.9422EPSS

CVE•added 2014/08/06 6:55 p.m.•129 views

CVE-2014-3560

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

7.9CVSS7.5AI score0.4146EPSS

CVE•added 2014/07/17 5:10 a.m.•127 views

CVE-2014-2483

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is fr...

9.3CVSS5.2AI score0.07952EPSS

CVE•added 2014/12/24 6:59 p.m.•108 views

CVE-2004-2771

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

7.5CVSS7.8AI score0.02396EPSS

CVE•added 2014/11/03 4:55 p.m.•100 views

CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

5CVSS5.5AI score0.14731EPSS

CVE•added 2014/12/24 6:59 p.m.•89 views

CVE-2014-8137

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

6.8CVSS6.3AI score0.31457EPSS

CVE•added 2014/08/21 2:55 p.m.•87 views

CVE-2014-3562

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

5CVSS6.2AI score0.00307EPSS

CVE•added 2014/12/24 6:59 p.m.•86 views

CVE-2014-8138

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

7.5CVSS6.5AI score0.05895EPSS

CVE•added 2014/06/14 11:18 a.m.•70 views

CVE-2014-0186

A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.

5CVSS6.5AI score0.00734EPSS