U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:redhat:enterprise_linux_server_eus:7.6
There are 281 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2017-6011

An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.

Published: February 16, 2017; 6:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-6010

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.

Published: February 16, 2017; 6:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-6009

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.

Published: February 16, 2017; 6:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-3302

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

Published: February 11, 2017; 11:59:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-10165

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

Published: February 03, 2017; 2:59:00 PM -0500
V3.1: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2016-2518

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

Published: January 30, 2017; 4:59:01 PM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2017-5205

The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().

Published: January 27, 2017; 8:59:01 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-5204

The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().

Published: January 27, 2017; 8:59:01 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-5203

The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().

Published: January 27, 2017; 8:59:01 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-5202

The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

Published: January 27, 2017; 8:59:01 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5824

libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

Published: January 27, 2017; 5:59:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-9401

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

Published: January 23, 2017; 4:59:02 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-7426

NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

Published: January 13, 2017; 11:59:00 AM -0500
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2016-5425

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Published: October 13, 2016; 10:59:07 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-6662

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Published: September 20, 2016; 2:59:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-5403

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

Published: August 02, 2016; 12:59:03 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-5444

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

Published: July 21, 2016; 6:14:57 AM -0400
V3.0: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2016-5440

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.

Published: July 21, 2016; 6:14:53 AM -0400
V3.0: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-4448

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Published: June 09, 2016; 12:59:06 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-4578

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

Published: May 23, 2016; 6:59:09 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW