Vulnerabilities > Redhat > Enterprise Linux Server EUS > 7.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-22 | CVE-2017-9775 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | 6.5 |
2017-06-19 | CVE-2017-1000366 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. | 7.8 |
2017-06-06 | CVE-2017-9462 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | 8.8 |
2017-06-06 | CVE-2017-9461 | Infinite Loop vulnerability in multiple products smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. | 6.5 |
2017-04-24 | CVE-2017-3600 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). | 6.6 |
2017-04-24 | CVE-2017-3544 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). | 3.7 |
2017-04-24 | CVE-2017-3539 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). | 3.1 |
2017-04-24 | CVE-2017-3533 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). | 3.7 |
2017-04-24 | CVE-2017-3464 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 4.3 |
2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |