Vulnerabilities > Redhat > Enterprise Linux Server EUS > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-06 CVE-2017-9462 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
network
low complexity
mercurial debian redhat CWE-732
8.8
2017-02-12 CVE-2017-3302 Use After Free vulnerability in multiple products
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
network
low complexity
oracle mariadb debian redhat CWE-416
7.5
2017-02-03 CVE-2016-10165 Out-of-bounds Read vulnerability in multiple products
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
7.1
2017-01-13 CVE-2016-7426 Resource Exhaustion vulnerability in multiple products
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
network
low complexity
ntp canonical redhat hpe CWE-400
7.5
2016-09-21 CVE-2016-5418 Data Processing Errors vulnerability in multiple products
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
network
low complexity
redhat oracle libarchive CWE-19
7.5
2016-09-21 CVE-2016-4809 Improper Input Validation vulnerability in multiple products
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
network
low complexity
redhat oracle libarchive CWE-20
7.5
2016-09-21 CVE-2016-4302 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
local
low complexity
redhat libarchive CWE-119
7.8
2016-09-21 CVE-2016-4300 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
local
low complexity
libarchive redhat CWE-190
7.8
2016-07-19 CVE-2016-5388 Improper Access Control vulnerability in multiple products
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
high complexity
redhat hp oracle apache CWE-284
8.1
2016-07-19 CVE-2016-5386 Improper Access Control vulnerability in multiple products
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
high complexity
fedoraproject oracle redhat golang CWE-284
8.1