Vulnerabilities > Redhat > Enterprise Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-21 | CVE-2016-0721 | Session Fixation vulnerability in multiple products Session fixation vulnerability in pcsd in pcs before 0.9.157. | 8.1 |
| 2017-04-21 | CVE-2016-0720 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | 8.8 |
| 2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |
| 2017-04-12 | CVE-2016-4459 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redhat Enterprise Linux and MOD Cluster Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9. | 7.8 |
| 2017-03-03 | CVE-2015-2877 | Information Exposure vulnerability in multiple products Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. | 3.3 |
| 2017-02-13 | CVE-2016-3616 | NULL Pointer Dereference vulnerability in multiple products The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. | 6.8 |
| 2017-02-13 | CVE-2016-2568 | Improper Encoding or Escaping of Output vulnerability in multiple products pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | 4.4 |
| 2016-12-22 | CVE-2016-9675 | Out-of-bounds Write vulnerability in multiple products openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. | 7.8 |
| 2016-12-22 | CVE-2016-7091 | Information Exposure vulnerability in Redhat products sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. | 4.9 |
| 2016-11-10 | CVE-2016-5195 | Race Condition vulnerability in multiple products Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | 7.8 |