Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Server Eus Subscriptions
Total 625 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-9600 3 Canonical, Jasper Project, Redhat 9 Ubuntu Linux, Jasper, Enterprise Linux and 6 more 2024-11-21 N/A
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
CVE-2016-9591 3 Debian, Jasper Project, Redhat 7 Debian Linux, Jasper, Enterprise Linux and 4 more 2024-11-21 N/A
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
CVE-2016-9583 3 Jasper Project, Oracle, Redhat 9 Jasper, Outside In Technology, Enterprise Linux and 6 more 2024-11-21 N/A
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
CVE-2016-9578 3 Debian, Redhat, Spice Project 8 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 N/A
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
CVE-2016-9577 3 Debian, Redhat, Spice Project 8 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 N/A
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
CVE-2016-9573 3 Debian, Redhat, Uclouvain 8 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 N/A
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
CVE-2016-9401 3 Debian, Gnu, Redhat 9 Debian Linux, Bash, Enterprise Linux and 6 more 2024-11-21 5.5 Medium
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
CVE-2016-9079 5 Debian, Microsoft, Mozilla and 2 more 12 Debian Linux, Windows, Firefox and 9 more 2024-11-21 N/A
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
CVE-2016-8654 3 Debian, Jasper Project, Redhat 8 Debian Linux, Jasper, Enterprise Linux and 5 more 2024-11-21 N/A
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
CVE-2016-8635 2 Mozilla, Redhat 8 Network Security Services, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 N/A
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
CVE-2016-8610 7 Debian, Fujitsu, Netapp and 4 more 55 Debian Linux, M10-1, M10-1 Firmware and 52 more 2024-11-21 7.5 High
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
CVE-2016-7426 4 Canonical, Hpe, Ntp and 1 more 10 Ubuntu Linux, Hpux-ntp, Ntp and 7 more 2024-11-21 7.5 High
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVE-2016-7166 3 Libarchive, Oracle, Redhat 10 Libarchive, Linux, Enterprise Linux and 7 more 2024-11-21 N/A
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
CVE-2016-7035 2 Clusterlabs, Redhat 4 Pacemaker, Enterprise Linux, Enterprise Linux Server and 1 more 2024-11-21 N/A
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
CVE-2016-6662 5 Debian, Mariadb, Oracle and 2 more 13 Debian Linux, Mariadb, Mysql and 10 more 2024-11-21 N/A
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
CVE-2016-6325 2 Apache, Redhat 11 Tomcat, Enterprise Linux, Enterprise Linux Desktop and 8 more 2024-11-21 N/A
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2016-5844 3 Libarchive, Oracle, Redhat 11 Libarchive, Linux, Solaris and 8 more 2024-11-21 N/A
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
CVE-2016-5824 3 Canonical, Libical Project, Redhat 9 Ubuntu Linux, Libical, Enterprise Linux and 6 more 2024-11-21 N/A
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
CVE-2016-5444 4 Ibm, Mariadb, Oracle and 1 more 12 Powerkvm, Mariadb, Linux and 9 more 2024-11-21 N/A
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.
CVE-2016-5440 6 Canonical, Debian, Ibm and 3 more 14 Ubuntu Linux, Debian Linux, Powerkvm and 11 more 2024-11-21 N/A
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.