Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2016-10-25 CVE-2016-5612 Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
network
low complexity
oracle mariadb redhat
6.5
2016-10-25 CVE-2016-3492 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
network
low complexity
oracle mariadb redhat
6.5
2016-10-25 CVE-2016-1000033 Improper Certificate Validation vulnerability in multiple products
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
network
high complexity
gnome redhat CWE-295
3.7
2016-10-13 CVE-2016-4286 Improper Access Control vulnerability in multiple products
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.
network
low complexity
adobe redhat CWE-284
8.8
2016-10-13 CVE-2016-7796 Improper Input Validation vulnerability in multiple products
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
local
low complexity
systemd-project novell redhat CWE-20
5.5
2016-10-13 CVE-2016-7065 Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform 4.0.0/5.0.0
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
network
low complexity
redhat CWE-502
8.8
2016-10-07 CVE-2016-1000007 Cross-site Scripting vulnerability in Redhat Pagure 2.2.1
Pagure 2.2.1 XSS in raw file endpoint
network
low complexity
redhat CWE-79
6.1
2016-10-07 CVE-2016-7040 Improper Access Control vulnerability in Redhat Cloudforms Management Engine 4.1
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.
network
low complexity
redhat CWE-284
8.8
2016-10-07 CVE-2016-3699 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
local
high complexity
redhat linux CWE-264
7.4
2016-10-03 CVE-2016-7046 Resource Management Errors vulnerability in Redhat Jboss Enterprise Application Platform 7.0
Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.
network
high complexity
redhat CWE-399
5.9