Lucene search

K
RedhatEnterprise Linux7.3

12 matches found

CVE
CVE
added 2018/08/26 4:29 p.m.735 views

CVE-2011-2767

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permittin...

10CVSS9.5AI score0.06221EPSS
CVE
CVE
added 2018/10/06 2:29 p.m.571 views

CVE-2018-17456

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

9.8CVSS9.3AI score0.70737EPSS
CVE
CVE
added 2017/04/17 9:59 p.m.517 views

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

9.8CVSS9.5AI score0.94013EPSS
CVE
CVE
added 2017/10/05 1:29 a.m.441 views

CVE-2017-1000253

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10....

7.8CVSS7.3AI score0.55565EPSS
CVE
CVE
added 2018/05/17 4:29 p.m.348 views

CVE-2018-1111

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw t...

7.9CVSS7.9AI score0.88259EPSS
CVE
CVE
added 2018/05/24 1:29 p.m.315 views

CVE-2018-1000199

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed...

5.5CVSS7AI score0.00331EPSS
CVE
CVE
added 2017/09/19 4:29 p.m.237 views

CVE-2015-7837

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.

5.5CVSS5.9AI score0.00073EPSS
CVE
CVE
added 2018/05/09 7:29 a.m.196 views

CVE-2018-10184

An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SE...

7.5CVSS7.7AI score0.25058EPSS
CVE
CVE
added 2018/09/21 1:29 p.m.194 views

CVE-2018-14645

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

7.5CVSS7.1AI score0.00149EPSS
CVE
CVE
added 2018/06/26 7:29 p.m.182 views

CVE-2018-3760

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is us...

7.5CVSS7.2AI score0.93243EPSS
CVE
CVE
added 2019/10/14 8:15 p.m.129 views

CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks ...

7.4CVSS7AI score0.00287EPSS
CVE
CVE
added 2016/12/22 9:59 p.m.71 views

CVE-2016-9675

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

7.8CVSS8.1AI score0.06297EPSS