Vulnerabilities > Redhat > Enterprise Linux Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-24 | CVE-2017-3464 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 4.3 |
| 2017-04-24 | CVE-2017-3456 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.9 |
| 2017-04-24 | CVE-2017-3453 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.5 |
| 2017-04-24 | CVE-2017-3309 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 7.7 |
| 2017-04-24 | CVE-2017-3308 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 7.7 |
| 2017-04-19 | CVE-2016-5410 | Improper Authentication vulnerability in multiple products firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. | 5.5 |
| 2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |
| 2017-04-14 | CVE-2016-6489 | Information Exposure Through Discrepancy vulnerability in multiple products The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. | 7.5 |
| 2017-04-14 | CVE-2016-4455 | Permissions, Privileges, and Access Controls vulnerability in Redhat products The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. | 3.3 |
| 2017-04-11 | CVE-2016-4989 | Command Injection vulnerability in multiple products setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445. | 7.0 |