Redhat Enterprise Linux Server vulnerabilities

CVE-2017-5205 [CRITICAL] CWE-119 CVE-2017-5205: The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().

CVE-2017-5204 [CRITICAL] CWE-119 CVE-2017-5204: The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().

CVE-2017-5202 [CRITICAL] CWE-119 CVE-2017-5202: The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

CVE-2016-9634 [CRITICAL] CWE-119 CVE-2016-9634: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC d Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.

CVE-2016-9635 [CRITICAL] CWE-119 CVE-2016-9635: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC d Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.

CVE-2016-9636 [CRITICAL] CWE-119 CVE-2016-9636: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC d Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.

CVE-2017-3243 [MEDIUM] CVE-2017-3243: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Suppor Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized

CVE-2017-3258 [MEDIUM] CWE-20 CVE-2017-3258: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported v Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this

CVE-2017-3244 [MEDIUM] CVE-2017-3244: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported v Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulner

CVE-2017-3313 [MEDIUM] CVE-2017-3313: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supporte Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful

CVE-2016-5824 [MEDIUM] CWE-416 CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

CVE-2017-3265 [MEDIUM] CVE-2017-3265: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Succes

CVE-2017-3291 [MEDIUM] CVE-2017-3291: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Succes

CVE-2017-3318 [MEDIUM] CVE-2017-3318: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Su

CVE-2017-3238 [MEDIUM] CVE-2017-3238: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this

CVE-2017-3317 [MEDIUM] CVE-2017-3317: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versi Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attac

CVE-2016-9446 [HIGH] CWE-665 CVE-2016-9446: The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attacke The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

CVE-2016-9401 [MEDIUM] CWE-416 CVE-2016-9401: popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

CVE-2016-7545 [HIGH] CWE-284 CVE-2016-7545: SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

CVE-2016-5198 [HIGH] CWE-125 CVE-2016-5198: V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.