Enterprise_linux_server_tus - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Enterprise_linux_server_tus
(Redhat)

Repositories

• https://github.com/torvalds/linux
• https://github.com/rubygems/rubygems
• https://github.com/krb5/krb5
• https://github.com/neomutt/neomutt
• https://github.com/mdadams/jasper

• https://github.com/golang/go
• https://github.com/mm2/Little-CMS
• https://github.com/qos-ch/slf4j
• git://git.openssl.org/openssl.git
• https://github.com/uclouvain/openjpeg
• https://github.com/SELinuxProject/selinux
• https://github.com/FreeRDP/FreeRDP
• https://github.com/Perl/perl5
• https://github.com/apache/httpd
• https://github.com/openssh/openssh-portable
• https://github.com/openbsd/src
• https://github.com/mysql/mysql-server
• https://github.com/paramiko/paramiko
• https://github.com/ImageMagick/ImageMagick
• https://github.com/git/git
• https://github.com/GNOME/evince
• https://git.savannah.gnu.org/git/patch.git
• https://github.com/UNINETT/mod_auth_mellon
• https://github.com/flori/json
• https://github.com/flatpak/flatpak
• https://github.com/vadz/libtiff

#Vulnerabilities

743

Date	Id	Summary	Products	Score	Patch	Annotated
2017-08-07	CVE-2015-7691	The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.	Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	N/A
2018-01-23	CVE-2018-5683	The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.	Ubuntu_linux, Debian_linux, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization	N/A
2018-04-23	CVE-2017-17833	OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.	Ubuntu_linux, Debian_linux, Bm_nextscale_fan_power_controller, Cmm, Fan_power_controller, Flex_system_fc3171_8gb_san_switch_firmware, Imm1, Imm2, Storage_n3310_firmware, Storage_n4610_firmware, Thinkserver_rd340_firmware, Thinkserver_rd350_firmware, Thinkserver_rd350g_firmware, Thinkserver_rd350x_firmware, Thinkserver_rd440_firmware, Thinkserver_rd450_firmware, Thinkserver_rd450x_firmware, Thinkserver_rd540_firmware, Thinkserver_rd550_firmware, Thinkserver_rd640_firmware, Thinkserver_rd650_firmware, Thinkserver_rq750_firmware, Thinkserver_rs160_firmware, Thinkserver_sd350_firmware, Thinkserver_td340_firmware, Thinkserver_td350_firmware, Thinkserver_ts460_firmware, Thinksystem_hr630x_firmware, Thinksystem_hr650x_firmware, Thinksystem_sr630_firmware, Xclarity_administrator, Openslp, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	9.8
2017-06-06	CVE-2017-9462	In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.	Debian_linux, Mercurial, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	N/A
2020-01-08	CVE-2019-17022	When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist....	Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation	N/A
2020-01-08	CVE-2019-17017	Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.	Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation	N/A
2020-01-08	CVE-2019-17016	When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.	Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation	N/A
2019-01-16	CVE-2017-3144	A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.	Ubuntu_linux, Debian_linux, Dhcp, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	N/A
2016-07-21	CVE-2016-5444	Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.	Powerkvm, Mariadb, Linux, Mysql, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	3.7
2016-07-21	CVE-2016-5440	Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.	Ubuntu_linux, Debian_linux, Powerkvm, Mariadb, Linux, Mysql, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	4.9