Vulnerabilities > Redhat > Enterprise Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-25 | CVE-2016-1000033 | Improper Certificate Validation vulnerability in multiple products Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | 4.3 |
| 2016-09-26 | CVE-2016-5406 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. | 6.5 |
| 2016-09-26 | CVE-2016-4993 | CRLF Injection vulnerability in Redhat products CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 4.3 |
| 2016-09-22 | CVE-2016-6340 | 7PK - Security Features vulnerability in Redhat Quickstart Cloud Installer The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack. | 2.1 |
| 2016-09-22 | CVE-2016-6322 | Permissions, Privileges, and Access Controls vulnerability in Redhat Quickstart Cloud Installer Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. | 7.2 |
| 2016-09-20 | CVE-2016-6662 | Permissions, Privileges, and Access Controls vulnerability in multiple products Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. | 10.0 |
| 2016-09-01 | CVE-2016-2183 | Information Exposure vulnerability in multiple products The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | 7.5 |
| 2016-08-07 | CVE-2016-5766 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | 6.8 |
| 2016-07-21 | CVE-2016-5444 | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. | 4.3 |
| 2016-07-21 | CVE-2016-3471 | Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. | 6.2 |