Vulnerabilities > Redhat > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-27 | CVE-2016-9634 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. | 7.5 |
2017-01-23 | CVE-2016-9446 | Improper Initialization vulnerability in multiple products The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. | 7.5 |
2017-01-19 | CVE-2016-7545 | Improper Access Control vulnerability in multiple products SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | 8.8 |
2017-01-19 | CVE-2016-5198 | Out-of-bounds Write vulnerability in multiple products V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. | 8.8 |
2016-12-22 | CVE-2016-9675 | Out-of-bounds Write vulnerability in multiple products openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. | 7.8 |
2016-12-14 | CVE-2014-8241 | NULL Pointer Dereference vulnerability in multiple products XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052. | 7.5 |
2016-11-10 | CVE-2016-5195 | Race Condition vulnerability in multiple products Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | 7.0 |
2016-10-07 | CVE-2016-3699 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. | 7.4 |
2016-10-03 | CVE-2016-7046 | Resource Management Errors vulnerability in Redhat Jboss Enterprise Application Platform 7.0 Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL. | 7.1 |
2016-09-27 | CVE-2016-4978 | Deserialization of Untrusted Data vulnerability in multiple products The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath. | 7.2 |