Red Hat Enterprise Linux Server AUS vulnerabilities
1,056 known vulnerabilities affecting redhat/enterprise_linux_server_aus.
Total CVEs: 1,056
CISA KEV: 36 (actively exploited)
Public exploits: 87
Exploited in wild: 41
Severity breakdown: CRITICAL 214, HIGH 358, MEDIUM 415, LOW 69
Vulnerabilities
Page 39 of 53
CVE-2017-3265 | MEDIUM | CVSS 5.6 | v7.4 v7.6 +1 more | 2017-01-27
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Succes
nvd
CVE-2017-3291 | MEDIUM | CVSS 6.3 | v7.4 v7.6 +1 more | 2017-01-27
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Succes
nvd
CVE-2017-3318 | MEDIUM | CVSS 4.0 | v7.4 v7.6 +1 more | 2017-01-27
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Su
nvd
CVE-2017-3238 | MEDIUM | CVSS 6.5 | v7.4 v7.6 +1 more | 2017-01-27
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
nvd
CVE-2017-3317 | MEDIUM | CVSS 4.0 | v7.4 v7.6 +1 more | 2017-01-27
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attac
nvd
CVE-2016-9446 | HIGH | CVSS 7.5 | CWE-665 | v7.4 v7.6 +1 more | 2017-01-23
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
nvd
CVE-2016-9401 | MEDIUM | CVSS 5.5 | CWE-416 | v7.4 v7.6 +1 more | 2017-01-23
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
nvd
CVE-2016-7426 | HIGH | CVSS 7.5 | CWE-400 | v7.3 v7.4 +2 more | 2017-01-13
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
nvd
CVE-2016-9811 | MEDIUM | CVSS 4.7 | CWE-125 | v7.4 v7.6 +1 more | 2017-01-13
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
nvd
CVE-2016-9131 | HIGH | CVSS 7.5 | CWE-20 | v7.2 v7.3 +3 more | 2017-01-12
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
nvd
CVE-2016-8864 | HIGH | CVSS 7.5 | CWE-617 | v6.2 v6.4 +7 more | 2016-11-02
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
nvd
CVE-2016-5624 | MEDIUM | CVSS 6.5 | v7.3 v7.4 +2 more | 2016-10-25
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
nvd
CVE-2016-5612 | MEDIUM | CVSS 6.5 | v7.3 v7.4 +2 more | 2016-10-25
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
nvd
CVE-2016-3492 | MEDIUM | CVSS 6.5 | v7.3 v7.4 +2 more | 2016-10-25
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
nvd
CVE-2016-5626 | MEDIUM | CVSS 6.5 | v7.3 v7.4 +2 more | 2016-10-25
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
nvd
CVE-2016-5629 | MEDIUM | CVSS 4.9 | v7.3 v7.4 +2 more | 2016-10-25
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
nvd
CVE-2016-4302 | HIGH | CVSS 7.8 | CWE-119 | v7.2 | 2016-09-21
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
nvd
CVE-2016-5418 | HIGH | CVSS 7.5 | CWE-19 | v7.2 | 2016-09-21
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
nvd
CVE-2016-4300 | HIGH | CVSS 7.8 | CWE-190 | v7.2 | 2016-09-21
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
nvd
CVE-2016-7163 | HIGH | CVSS 7.8 | CWE-190 | v7.3 v7.4 +2 more | 2016-09-21
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
nvd