Vulnerabilities > Redhat > Enterprise Linux Workstation > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-06-08 CVE-2016-7050 Deserialization of Untrusted Data vulnerability in Redhat products
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
network
low complexity
redhat CWE-502
critical
9.8
2017-05-23 CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp nodejs
critical
9.8
2017-05-23 CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp mariadb nodejs
critical
9.8
2017-04-17 CVE-2017-5645 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
network
low complexity
apache netapp redhat oracle CWE-502
critical
9.8
2017-04-11 CVE-2016-1908 Improper Authentication vulnerability in multiple products
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
network
low complexity
openbsd debian oracle redhat CWE-287
critical
9.8
2017-01-28 CVE-2017-5202 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
network
low complexity
tcpdump debian redhat CWE-119
critical
9.8
2017-01-28 CVE-2017-5203 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
network
low complexity
tcpdump debian redhat CWE-119
critical
9.8
2017-01-28 CVE-2017-5204 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
network
low complexity
tcpdump debian redhat CWE-119
critical
9.8
2017-01-28 CVE-2017-5205 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
network
low complexity
tcpdump debian redhat CWE-119
critical
9.8
2017-01-27 CVE-2016-9634 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
network
low complexity
gstreamer redhat debian CWE-119
critical
9.8