Enterprise_linux_server_eus - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Enterprise_linux_server_eus
(Redhat)

Repositories

• https://github.com/torvalds/linux
• https://github.com/libarchive/libarchive
• https://github.com/rubygems/rubygems
• https://github.com/neomutt/neomutt
• https://github.com/mdadams/jasper

• https://github.com/newsoft/libvncserver
• https://github.com/golang/go
• https://github.com/mm2/Little-CMS
• git://git.openssl.org/openssl.git
• https://github.com/ClusterLabs/pacemaker
• https://github.com/FreeRDP/FreeRDP
• https://github.com/jpirko/libndp
• https://github.com/szukw000/openjpeg
• https://github.com/sosreport/sos-collector
• https://github.com/paramiko/paramiko
• https://github.com/krb5/krb5
• https://github.com/git/git
• https://github.com/mysql/mysql-server
• https://github.com/karelzak/util-linux
• https://github.com/GNOME/evince
• https://git.savannah.gnu.org/git/patch.git
• https://github.com/UNINETT/mod_auth_mellon
• https://github.com/flori/json
• https://github.com/flatpak/flatpak
• https://github.com/vadz/libtiff

#Vulnerabilities

624

Date	Id	Summary	Products	Score	Patch	Annotated
2016-06-03	CVE-2016-0376	The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the...	Java_sdk, Suse_linux_enterprise_module_for_legacy_software, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_manager, Suse_manager_proxy, Suse_openstack_cloud, Enterprise_linux_desktop, Enterprise_linux_hpc_node_supplementary, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Satellite	8.1
2016-06-13	CVE-2016-2818	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.	Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_package_hub_for_suse_linux_enterprise, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation	8.8
2018-03-16	CVE-2018-1068	A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.	Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization_host	6.7
2019-01-16	CVE-2017-3145	BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.	Debian_linux, Bind, Junos, Data_ontap_edge, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	7.5
2018-03-23	CVE-2018-1000140	rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.	Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Librelp	9.8
2018-10-22	CVE-2018-18559	In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker...	Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform, Virtualization_host	8.1
2015-07-14	CVE-2015-5122	Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property,...	Flash_player, Flash_player_desktop_runtime, Evergreen, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_workstation_extension	N/A
2019-02-05	CVE-2018-18506	When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability...	Ubuntu_linux, Debian_linux, Firefox, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	5.9
2018-05-02	CVE-2018-10675	The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.	Ubuntu_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization_host	7.8
2018-12-06	CVE-2018-9568	In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.	Ubuntu_linux, Android, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	7.8