Vulnerabilities > Redhat > Enterprise Linux Server TUS > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-21 CVE-2016-0642 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. 4.7
2016-02-13 CVE-2015-8631 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
network
low complexity
mit opensuse debian redhat oracle CWE-772
6.5
2016-02-13 CVE-2015-8629 Out-of-bounds Read vulnerability in multiple products
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
network
high complexity
mit oracle debian opensuse redhat CWE-125
5.3
2015-12-06 CVE-2015-3195 Information Exposure vulnerability in multiple products
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
5.3
2014-04-30 CVE-2014-1530 Cross-site Scripting vulnerability in multiple products
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.
6.1
2014-04-30 CVE-2014-1523 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.
6.5