Vulnerabilities > Redhat > Enterprise Linux Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-01-27 CVE-2016-9634 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
network
low complexity
gstreamer redhat debian CWE-119
critical
9.8
2017-01-27 CVE-2016-9635 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
network
low complexity
gstreamer redhat debian CWE-119
critical
9.8
2017-01-27 CVE-2016-9636 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
network
low complexity
gstreamer redhat debian CWE-119
critical
9.8
2016-12-14 CVE-2014-8241 NULL Pointer Dereference vulnerability in multiple products
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
network
low complexity
tigervnc redhat CWE-476
critical
9.8
2016-09-20 CVE-2016-6662 Permissions, Privileges, and Access Controls vulnerability in multiple products
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.
network
low complexity
oracle percona mariadb debian redhat CWE-264
critical
9.8
2016-08-10 CVE-2016-5408 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
oracle redhat CWE-119
critical
9.8
2016-06-16 CVE-2016-4138 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
network
low complexity
redhat adobe suse opensuse
critical
9.8
2016-06-16 CVE-2016-4171 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
network
low complexity
adobe redhat suse opensuse
critical
9.8
2016-06-09 CVE-2016-0749 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
network
low complexity
opensuse debian redhat spice-project CWE-119
critical
9.8
2016-06-09 CVE-2016-4448 Use of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
network
low complexity
hp apple xmlsoft redhat slackware oracle tenable mcafee CWE-134
critical
9.8