Redhat Enterprise Linux Server vulnerabilities

CVE-2016-7426 [HIGH] CWE-400 CVE-2016-7426: NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

CVE-2016-9811 [MEDIUM] CWE-125 CVE-2016-9811: The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is s The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

CVE-2016-9131 [HIGH] CWE-20 CVE-2016-9131: named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows r named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

CVE-2016-7091 [MEDIUM] CWE-200 CVE-2016-7091: sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elev

CVE-2014-8241 [CRITICAL] CVE-2014-8241: XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

CVE-2016-7864 [HIGH] CWE-416 CVE-2016-7864: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2016-7863 [HIGH] CWE-416 CVE-2016-7863: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2016-7862 [HIGH] CWE-416 CVE-2016-7862: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2016-7859 [HIGH] CWE-416 CVE-2016-7859: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2016-7860 [HIGH] CWE-704 CVE-2016-7860: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable typ Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2016-7857 [HIGH] CWE-416 CVE-2016-7857: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2016-7858 [HIGH] CWE-416 CVE-2016-7858: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2016-7865 [HIGH] CWE-704 CVE-2016-7865: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable typ Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2016-7861 [HIGH] CWE-704 CVE-2016-7861: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable typ Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2016-8864 [HIGH] CWE-617 CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows r named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

CVE-2016-7855 [HIGH] CWE-416 CVE-2016-7855: Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.

CVE-2016-5624 [MEDIUM] CVE-2016-5624: Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to af Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVE-2016-5612 [MEDIUM] CVE-2016-5612: Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and ear Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVE-2016-3492 [MEDIUM] CVE-2016-3492: Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and ear Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

CVE-2016-5626 [MEDIUM] CVE-2016-5626: Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and ear Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.