Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-21 | CVE-2016-4300 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. | 7.8 |
| 2016-09-20 | CVE-2016-6662 | Permissions, Privileges, and Access Controls vulnerability in multiple products Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. | 9.8 |
| 2016-09-07 | CVE-2016-5422 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Operations Network The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request. | 8.8 |
| 2016-09-07 | CVE-2016-7034 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss BPM Suite 6.3.2 The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token. | 8.8 |
| 2016-09-07 | CVE-2016-7033 | Cross-site Scripting vulnerability in Redhat Jboss BPM Suite 6.3.2 Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-09-07 | CVE-2016-6346 | Unspecified vulnerability in Redhat Resteasy RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 |
| 2016-09-07 | CVE-2016-6345 | Information Exposure vulnerability in Redhat Resteasy RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. | 6.5 |
| 2016-09-07 | CVE-2016-6344 | Information Exposure vulnerability in Redhat Jboss BPM Suite 6.3 Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. | 5.3 |
| 2016-09-01 | CVE-2016-2183 | Information Exposure vulnerability in multiple products The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | 7.5 |
| 2016-08-26 | CVE-2016-5383 | Improper Access Control vulnerability in Redhat Cloudforms 4.1 The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters." | 8.8 |