Redhat Enterprise_linux_server_tus
285 CVEs affecting Redhat Enterprise_linux_server_tus. Latest disclosed: 2026-03-31. Critical: 44, High: 74.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-5740 | Critical | 9.8 | 2017-10-18 | The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smu… |
CVE-2015-5739 | Critical | 9.8 | 2017-10-18 | The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP requ… |
CVE-2017-0903 | Critical | 9.8 | 2017-10-11 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can byp… |
CVE-2017-1000116 | Critical | 9.8 | 2017-10-05 | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. |
CVE-2017-0899 | Critical | 9.8 | 2017-08-31 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specifica… |
CVE-2017-14064 | Critical | 9.8 | 2017-08-31 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ex… |
CVE-2017-3167 | Critical | 9.8 | 2017-06-20 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may l… |
CVE-2017-5645 | Critical | 9.8 | 2017-04-17 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially… |
CVE-2016-1908 | Critical | 9.8 | 2017-04-11 | The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisio… |
CVE-2017-5205 | Critical | 9.8 | 2017-01-28 | The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). |
CVE-2017-5204 | Critical | 9.8 | 2017-01-28 | The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). |
CVE-2017-5203 | Critical | 9.8 | 2017-01-28 | The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). |
CVE-2017-5202 | Critical | 9.8 | 2017-01-28 | The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). |
CVE-2016-6662 | Critical | 9.8 | 2016-09-20 | Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Perco… |
CVE-2016-4448 | Critical | 9.8 | 2016-06-09 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. |
CVE-2015-4643 | Critical | 9.8 | 2016-05-16 | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to e… |
CVE-2015-8391 | Critical | 9.8 | 2015-12-02 | The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU… |
CVE-2014-1532 | Critical | 9.8 | 2014-04-30 | Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24… |
CVE-2014-1524 | Critical | 9.8 | 2014-04-30 | The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before… |
CVE-2014-1514 | Critical | 9.8 | 2014-03-19 | vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the l… |