Product:

Enterprise_linux_server

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/krb5/krb5
https://github.com/ceph/ceph
https://github.com/libarchive/libarchive
https://github.com/kyz/libmspack
https://github.com/LibRaw/LibRaw
https://github.com/rubygems/rubygems
https://github.com/madler/zlib
https://github.com/the-tcpdump-group/tcpdump
https://github.com/fedora-selinux/setroubleshoot
https://github.com/mdadams/jasper
https://github.com/ntp-project/ntp
https://github.com/neomutt/neomutt
https://github.com/mm2/Little-CMS
https://github.com/openbsd/src
https://github.com/abrt/abrt
https://github.com/mysql/mysql-server
https://github.com/golang/go
• git://git.openssl.org/openssl.git
https://github.com/dajobe/raptor
https://github.com/Katello/katello
https://github.com/opencontainers/runc
https://github.com/openstack/swift
https://github.com/qos-ch/slf4j
https://github.com/uclouvain/openjpeg
https://github.com/SELinuxProject/selinux
https://github.com/ClusterLabs/pacemaker
https://github.com/FreeRDP/FreeRDP
https://github.com/Perl/perl5
https://github.com/jpirko/libndp
https://github.com/candlepin/subscription-manager
https://github.com/dogtagpki/pki
https://github.com/szukw000/openjpeg
https://github.com/rpm-software-management/yum-utils
https://github.com/sosreport/sos-collector
https://github.com/requests/requests
https://github.com/glennrp/libpng
https://github.com/paramiko/paramiko
https://github.com/ImageMagick/ImageMagick
https://github.com/git/git
https://github.com/karelzak/util-linux
https://github.com/GNOME/evince
https://git.savannah.gnu.org/git/patch.git
https://github.com/UNINETT/mod_auth_mellon
https://github.com/flori/json
https://github.com/flatpak/flatpak
https://github.com/libguestfs/hivex
https://github.com/vadz/libtiff
https://github.com/jquery/jquery-ui
#Vulnerabilities 1891
Date Id Summary Products Score Patch Annotated
2016-04-21 CVE-2016-3427 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Cassandra, Ubuntu_linux, Debian_linux, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_balance, Oncommand_cloud_manager, Oncommand_insight, Oncommand_performance_manager, Oncommand_report, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap, Opensuse, Jdk, Jre, Jrockit, Linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite, Linux_enterprise_desktop, Linux_enterprise_module_for_legacy, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager, Manager_proxy, Openstack_cloud 9.8
2017-05-23 CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite, Zlib 8.8
2019-12-06 CVE-2019-5544 OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Fedora, Openslp, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Esxi, Horizon_daas 9.8
2014-09-25 CVE-2014-7169 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment... Mac_os_x, Eos, Ubuntu_linux, Security_gateway, Netscaler_sdx_firmware, Debian_linux, Arx_firmware, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_cloud, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Traffix_signaling_delivery_controller, Bash, Flex_system_v7000_firmware, Infosphere_guardium_database_activity_monitoring, Pureapplication_system, Qradar_risk_manager, Qradar_security_information_and_event_manager, Qradar_vulnerability_manager, San_volume_controller_firmware, Security_access_manager_for_mobile_8\.0_firmware, Security_access_manager_for_web_7\.0_firmware, Security_access_manager_for_web_8\.0_firmware, Smartcloud_entry_appliance, Smartcloud_provisioning, Software_defined_network_for_virtual_environments, Starter_kit_for_cloud, Stn6500_firmware, Stn6800_firmware, Stn7800_firmware, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Workload_deployer, Mageia, Open_enterprise_server, Zenworks_configuration_management, Opensuse, Linux, Qts, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite, Esx, Vcenter_server_appliance 9.8
2014-09-24 CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka... Mac_os_x, Eos, Ubuntu_linux, Security_gateway, Netscaler_sdx_firmware, Debian_linux, Arx_firmware, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_cloud, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Traffix_signaling_delivery_controller, Bash, Flex_system_v7000_firmware, Infosphere_guardium_database_activity_monitoring, Pureapplication_system, Qradar_risk_manager, Qradar_security_information_and_event_manager, Qradar_vulnerability_manager, San_volume_controller_firmware, Security_access_manager_for_mobile_8\.0_firmware, Security_access_manager_for_web_7\.0_firmware, Security_access_manager_for_web_8\.0_firmware, Smartcloud_entry_appliance, Smartcloud_provisioning, Software_defined_network_for_virtual_environments, Starter_kit_for_cloud, Stn6500_firmware, Stn6800_firmware, Stn7800_firmware, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Workload_deployer, Mageia, Open_enterprise_server, Zenworks_configuration_management, Opensuse, Linux, Qts, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite, Esx, Vcenter_server_appliance 9.8
2015-10-22 CVE-2015-4902 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. Leap, Opensuse, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_from_rhui, Enterprise_linux_workstation, Satellite, Linux_enterprise_module_for_legacy, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2016-05-05 CVE-2016-3718 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Ubuntu_linux, Imagemagick, Leap, Opensuse, Linux, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_supplementary_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Manager, Manager_proxy, Openstack_cloud 5.5
2016-05-05 CVE-2016-3715 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. Ubuntu_linux, Imagemagick, Leap, Opensuse, Linux, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_supplementary_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Manager, Manager_proxy, Openstack_cloud 5.5
2012-05-11 CVE-2012-1823 sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. Mac_os_x, Debian_linux, Fedora, Hp\-Ux, Opensuse, Php, Application_stack, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Storage, Storage_for_public_cloud, Linux_enterprise_server, Linux_enterprise_software_development_kit 9.8
2015-07-08 CVE-2015-5119 Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. Flash_player, Evergreen, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_workstation_extension 9.8