Redhat Enterprise Linux Server Tus vulnerabilities
767 known vulnerabilities affecting redhat/enterprise_linux_server_tus.
Total CVEs
767
CISA KEV
20
actively exploited
Public exploits
56
Exploited in wild
25
Severity breakdown
CRITICAL109HIGH268MEDIUM337LOW53
Vulnerabilities
Page 5 of 39
CVE-2014-8141HIGHCVSS 7.8v6.6v7.3+2 more2020-01-31
CVE-2014-8141 [HIGH] CWE-787 CVE-2014-8141: Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows rem
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
nvd
CVE-2014-8140HIGHCVSS 7.8v6.6v7.3+2 more2020-01-31
CVE-2014-8140 [HIGH] CWE-787 CVE-2014-8140: Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows re
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
nvd
CVE-2020-2604HIGHCVSS 8.1v7.72020-01-15
CVE-2020-2604 [HIGH] CWE-502 CVE-2020-2604: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embed
nvd
CVE-2020-2601MEDIUMCVSS 6.8v7.72020-01-15
CVE-2020-2601 [MEDIUM] CVE-2020-2601: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supp
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulner
nvd
CVE-2020-2593MEDIUMCVSS 4.8v7.72020-01-15
CVE-2020-2593 [MEDIUM] CVE-2020-2593: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Su
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Succ
nvd
CVE-2020-2659LOWCVSS 3.7v7.72020-01-15
CVE-2020-2659 [LOW] CVE-2020-2659: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Su
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of t
nvd
CVE-2020-2654LOWCVSS 3.7v7.72020-01-15
CVE-2020-2654 [LOW] CVE-2020-2654: Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions th
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized a
nvd
CVE-2020-2583LOWCVSS 3.7v7.72020-01-15
CVE-2020-2583 [LOW] CWE-755 CVE-2020-2583: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedd
nvd
CVE-2014-7844HIGHCVSS 7.8v6.6v7.3+2 more2020-01-14
CVE-2014-7844 [HIGH] CWE-74 CVE-2014-7844: BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted emai
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
nvd
CVE-2015-3147MEDIUMCVSS 6.5v7.3v7.6+1 more2020-01-14
CVE-2015-3147 [MEDIUM] CWE-59 CVE-2015-3147: daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports fro
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
nvd
CVE-2020-6851HIGHCVSS 7.5v7.7v8.2+1 more2020-01-13
CVE-2020-6851 [HIGH] CWE-787 CVE-2020-6851: OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
nvd
CVE-2019-17024HIGHCVSS 8.8v7.7v8.2+1 more2020-01-08
CVE-2019-17024 [HIGH] CWE-787 CVE-2019-17024: Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of t
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
nvd
CVE-2019-17017HIGHCVSS 8.8v7.72020-01-08
CVE-2019-17017 [HIGH] CWE-843 CVE-2019-17017: Due to a missing case handling object types, a type confusion vulnerability could occur, resulting i
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
nvd
CVE-2019-17016MEDIUMCVSS 6.1v7.72020-01-08
CVE-2019-17016 [MEDIUM] CWE-79 CVE-2019-17016: When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incor
When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
nvd
CVE-2019-17022MEDIUMCVSS 6.1v7.72020-01-08
CVE-2019-17022 [MEDIUM] CWE-79 CVE-2019-17022: When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does
When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, th
nvd
CVE-2019-19906HIGHCVSS 7.5v8.42019-12-19
CVE-2019-19906 [HIGH] CWE-193 CVE-2019-19906: cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote deni
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
nvd
CVE-2018-1311HIGHCVSS 8.1v7.72019-12-18
CVE-2018-1311 [HIGH] CWE-416 CVE-2018-1311: The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the s
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using
nvd
CVE-2019-13734HIGHCVSS 8.8v7.7v8.2+1 more2019-12-10
CVE-2019-13734 [HIGH] CWE-787 CVE-2019-13734: Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to po
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5544CRITICALCVSS 9.8KEVPoCv7.72019-12-06
CVE-2019-5544 [CRITICAL] CWE-787 CVE-2019-5544: OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evalu
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
nvd
CVE-2019-10216HIGHCVSS 7.8v7.72019-11-27
CVE-2019-10216 [HIGH] CWE-648 CVE-2019-10216: In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
nvd