Vulnerabilities > Redhat > Enterprise Linux Server AUS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-10978 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. | 7.5 |
| 2017-06-22 | CVE-2017-9776 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | 7.8 |
| 2017-06-20 | CVE-2017-7668 | Out-of-bounds Read vulnerability in multiple products The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. | 7.5 |
| 2017-06-19 | CVE-2017-1000366 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. | 7.8 |
| 2017-06-06 | CVE-2017-9462 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | 8.8 |
| 2017-04-27 | CVE-2017-8291 | Type Confusion vulnerability in multiple products Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. | 7.8 |
| 2017-04-24 | CVE-2017-3309 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 7.7 |
| 2017-04-24 | CVE-2017-3308 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 7.7 |
| 2017-02-15 | CVE-2016-9560 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. | 7.8 |
| 2017-02-12 | CVE-2017-3302 | Use After Free vulnerability in multiple products Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. | 7.5 |