Vulnerabilities > Redhat > Enterprise Linux Server EUS > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-21 CVE-2016-0616 Remote Security vulnerability in Oracle MySQL
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
network
low complexity
redhat canonical mariadb oracle opensuse debian
4.0
2016-01-21 CVE-2016-0597 Remote Security vulnerability in Oracle MySQL
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
network
low complexity
redhat oracle opensuse canonical debian mariadb
4.0
2016-01-21 CVE-2016-0596 Remote Security vulnerability in Oracle MySQL
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
network
low complexity
redhat oracle debian opensuse canonical mariadb
4.0
2016-01-21 CVE-2016-0505 Remote Security vulnerability in Oracle MySQL
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
network
low complexity
redhat oracle canonical debian opensuse mariadb
6.8
2015-11-24 CVE-2015-7981 Information Exposure vulnerability in multiple products
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
network
low complexity
canonical debian redhat libpng CWE-200
5.0
2015-07-16 CVE-2015-2582 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
network
low complexity
oracle debian canonical redhat mariadb
4.0
2015-06-09 CVE-2015-4148 Improper Input Validation vulnerability in multiple products
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.
network
low complexity
apple redhat php CWE-20
5.0
2015-06-09 CVE-2015-4024 Resource Management Errors vulnerability in multiple products
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
network
low complexity
redhat apple php hp oracle CWE-399
5.0
2015-06-09 CVE-2015-4021 Numeric Errors vulnerability in multiple products
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.
network
low complexity
redhat apple php CWE-189
5.0
2015-06-09 CVE-2015-2783 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.
5.8