Enterprise_linux_server_eus - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Enterprise_linux_server_eus
(Redhat)

Repositories

• https://github.com/torvalds/linux
• https://github.com/libarchive/libarchive
• https://github.com/rubygems/rubygems
• https://github.com/neomutt/neomutt
• https://github.com/mdadams/jasper

• https://github.com/newsoft/libvncserver
• https://github.com/golang/go
• git://git.openssl.org/openssl.git
• https://github.com/mm2/Little-CMS
• https://github.com/ClusterLabs/pacemaker
• https://github.com/FreeRDP/FreeRDP
• https://github.com/jpirko/libndp
• https://github.com/szukw000/openjpeg
• https://github.com/sosreport/sos-collector
• https://github.com/paramiko/paramiko
• https://github.com/krb5/krb5
• https://github.com/git/git
• https://github.com/mysql/mysql-server
• https://github.com/karelzak/util-linux
• https://github.com/GNOME/evince
• https://git.savannah.gnu.org/git/patch.git
• https://github.com/UNINETT/mod_auth_mellon
• https://github.com/flori/json
• https://github.com/flatpak/flatpak
• https://github.com/vadz/libtiff

#Vulnerabilities

623

Date	Id	Summary	Products	Score	Patch	Annotated
2018-07-27	CVE-2016-9578	A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.	Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Spice	7.5
2018-07-27	CVE-2016-9603	A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.	Xenserver, Debian_linux, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Openstack	9.9
2018-07-30	CVE-2017-7518	A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.	Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation	7.8
2018-08-01	CVE-2016-8654	A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.	Debian_linux, Jasper, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation	7.8
2018-08-01	CVE-2016-9583	An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.	Jasper, Outside_in_technology, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	7.8
2018-08-30	CVE-2018-14622	A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.	Ubuntu_linux, Debian_linux, Libtirpc, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation	7.5
2018-09-05	CVE-2018-16539	In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.	Ghostscript, Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	5.5
2018-09-05	CVE-2018-16540	In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.	Ghostscript, Ubuntu_linux, Debian_linux, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform	7.8
2018-09-05	CVE-2018-16541	In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.	Ghostscript, Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	5.5
2018-09-05	CVE-2018-16509	An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.	Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation	7.8