Redhat Enterprise Linux Server vulnerabilities

CVE-2016-5629 [MEDIUM] CVE-2016-5629: Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and ear Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

CVE-2016-4286 [HIGH] CWE-284 CVE-2016-4286: Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.

CVE-2016-7796 [MEDIUM] CWE-20 CVE-2016-7796: The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service ( The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.

CVE-2016-4302 [HIGH] CWE-119 CVE-2016-4302: Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libar Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

CVE-2016-5418 [HIGH] CWE-19 CVE-2016-5418: The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

CVE-2016-4300 [HIGH] CWE-190 CVE-2016-4300: Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarc Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

CVE-2016-7163 [HIGH] CWE-190 CVE-2016-7163: Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

CVE-2016-4809 [HIGH] CWE-20 CVE-2016-4809: The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchiv The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

CVE-2016-7166 [MEDIUM] CWE-399 CVE-2016-7166: libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote a libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

CVE-2016-5844 [MEDIUM] CWE-190 CVE-2016-5844: Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a den Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

CVE-2016-6662 [CRITICAL] CWE-264 CVE-2016-6662: Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting genera

CVE-2016-5408 [CRITICAL] CVE-2016-5408: Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package be Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.

CVE-2016-5403 [MEDIUM] CWE-400 CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cau The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

CVE-2016-5131 [HIGH] CWE-416 CVE-2016-5131: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

CVE-2016-5440 [MEDIUM] CVE-2016-5440: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and ear Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.

CVE-2016-5444 [LOW] CVE-2016-5444: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and ear Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

CVE-2016-5387 [HIGH] CVE-2016-5387: The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka

CVE-2016-5385 [HIGH] CWE-601 CVE-2016-5385: PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and theref PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy hea

CVE-2016-5386 [HIGH] CWE-284 CVE-2016-5386: The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy se

CVE-2016-5388 [HIGH] CWE-284 CVE-2016-5388: Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy