Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
There are 260 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2018-14622

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.

Published: August 30, 2018; 9:29:00 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-5160

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

Published: August 20, 2018; 5:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-5390

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

Published: August 06, 2018; 4:29:01 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-9583

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

Published: August 01, 2018; 1:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-8654

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

Published: August 01, 2018; 12:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-8635

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

Published: August 01, 2018; 9:29:00 AM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-9573

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

Published: August 01, 2018; 2:29:00 AM -0400
V3.0: 8.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2017-7518

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.

Published: July 30, 2018; 11:29:00 AM -0400
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

Published: July 27, 2018; 5:29:00 PM -0400
V3.0: 9.9 CRITICAL
V2.0: 9.0 HIGH
CVE-2016-9578

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

Published: July 27, 2018; 5:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-15101

A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.

Published: July 27, 2018; 4:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-15097

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.

Published: July 27, 2018; 4:29:00 PM -0400
V3.0: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2016-9577

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

Published: July 27, 2018; 4:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-2633

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

Published: July 27, 2018; 3:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-2626

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Published: July 27, 2018; 3:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

Published: July 27, 2018; 3:29:00 PM -0400
V3.0: 9.9 CRITICAL
V2.0: 9.0 HIGH
CVE-2017-2618

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

Published: July 27, 2018; 3:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2017-2616

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

Published: July 27, 2018; 3:29:00 PM -0400
V3.0: 4.7 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

Published: July 27, 2018; 2:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

Published: July 27, 2018; 2:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW