Redhat: >> Enterprise Linux Server Eus >> 7.7 Security Vulnerabilities
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
CVSS Score
7.5
EPSS Score
0.57
Published
2017-08-07
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
CVSS Score
5.9
EPSS Score
0.032
Published
2017-08-07
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
CVSS Score
7.5
EPSS Score
0.032
Published
2017-07-24
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
CVSS Score
7.5
EPSS Score
0.022
Published
2017-07-17
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVSS Score
7.1
EPSS Score
0.009
Published
2017-02-03
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
CVSS Score
5.3
EPSS Score
0.008
Published
2017-01-30
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
CVSS Score
5.5
EPSS Score
0.0
Published
2017-01-23
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVSS Score
7.5
EPSS Score
0.472
Published
2017-01-13
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVSS Score
7.8
EPSS Score
0.145
Published
2016-10-13
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
CVSS Score
5.5
EPSS Score
0.001
Published
2016-08-02