Vulnerabilities > Redhat > Enterprise Linux Server AUS > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-3308 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).
network
low complexity
oracle debian mariadb redhat
7.7
2017-02-15 CVE-2016-9560 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
local
low complexity
jasper-project debian redhat CWE-787
7.8
2017-02-12 CVE-2017-3302 Use After Free vulnerability in multiple products
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
network
low complexity
oracle mariadb debian redhat CWE-416
7.5
2017-02-09 CVE-2017-5848 Out-of-bounds Read vulnerability in multiple products
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
network
low complexity
gstreamer-project debian redhat CWE-125
7.5
2017-02-03 CVE-2016-10165 Out-of-bounds Read vulnerability in multiple products
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
7.1
2017-01-23 CVE-2016-9446 Improper Initialization vulnerability in multiple products
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
7.5
2017-01-13 CVE-2016-7426 Resource Exhaustion vulnerability in multiple products
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
network
low complexity
ntp canonical redhat hpe CWE-400
7.5
2017-01-12 CVE-2016-9131 Improper Input Validation vulnerability in multiple products
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
network
low complexity
isc debian redhat netapp CWE-20
7.5
2016-11-02 CVE-2016-8864 Reachable Assertion vulnerability in multiple products
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
network
low complexity
isc netapp redhat debian CWE-617
7.5
2016-09-21 CVE-2016-7163 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
7.8