Vulnerabilities > Redhat > Enterprise Linux > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-21 CVE-2016-0720 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
network
low complexity
clusterlabs redhat fedoraproject CWE-352
8.8
2017-04-12 CVE-2016-4459 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redhat Enterprise Linux and MOD Cluster
Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.
network
low complexity
redhat CWE-119
7.5
2017-02-13 CVE-2016-3616 NULL Pointer Dereference vulnerability in multiple products
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
network
low complexity
libjpeg-turbo redhat debian canonical CWE-476
8.8
2017-02-13 CVE-2016-2568 Improper Encoding or Escaping of Output vulnerability in multiple products
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
local
high complexity
freedesktop redhat CWE-116
7.8
2016-12-22 CVE-2016-9675 Out-of-bounds Write vulnerability in multiple products
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045.
local
low complexity
uclouvain redhat CWE-787
7.8
2016-11-10 CVE-2016-5195 Race Condition vulnerability in multiple products
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
7.0
2016-09-01 CVE-2016-2183 Information Exposure vulnerability in multiple products
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
network
low complexity
redhat python cisco openssl oracle nodejs CWE-200
7.5
2016-08-07 CVE-2016-5766 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
network
low complexity
redhat freebsd libgd fedoraproject debian CWE-190
8.8
2016-07-21 CVE-2016-3471 Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
local
high complexity
oracle redhat mariadb
7.5
2016-06-27 CVE-2016-5244 Information Exposure vulnerability in multiple products
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
network
low complexity
fedoraproject suse redhat linux CWE-200
7.5