Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13613 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-3695 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-06 | N/A |
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | ||||
CVE-2016-3672 | 4 Canonical, Linux, Novell and 1 more | 11 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 8 more | 2024-08-06 | N/A |
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. | ||||
CVE-2016-3710 | 7 Canonical, Citrix, Debian and 4 more | 17 Ubuntu Linux, Xenserver, Debian Linux and 14 more | 2024-08-06 | 8.8 High |
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | ||||
CVE-2016-3718 | 6 Canonical, Imagemagick, Opensuse and 3 more | 31 Ubuntu Linux, Imagemagick, Leap and 28 more | 2024-08-06 | 5.5 Medium |
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | ||||
CVE-2016-3715 | 6 Canonical, Imagemagick, Opensuse and 3 more | 31 Ubuntu Linux, Imagemagick, Leap and 28 more | 2024-08-06 | 5.5 Medium |
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | ||||
CVE-2016-3717 | 3 Canonical, Imagemagick, Redhat | 11 Ubuntu Linux, Imagemagick, Enterprise Linux and 8 more | 2024-08-06 | N/A |
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | ||||
CVE-2016-3699 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more | 2024-08-06 | N/A |
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. | ||||
CVE-2016-3709 | 2 Redhat, Xmlsoft | 3 Enterprise Linux, Rhel Eus, Libxml2 | 2024-08-06 | 6.1 Medium |
Possible cross-site scripting vulnerability in libxml after commit 960f0e2. | ||||
CVE-2016-3716 | 3 Canonical, Imagemagick, Redhat | 11 Ubuntu Linux, Imagemagick, Enterprise Linux and 8 more | 2024-08-06 | N/A |
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | ||||
CVE-2016-3712 | 6 Canonical, Citrix, Debian and 3 more | 12 Ubuntu Linux, Xenserver, Debian Linux and 9 more | 2024-08-06 | 5.5 Medium |
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | ||||
CVE-2016-3632 | 3 Libtiff, Oracle, Redhat | 3 Libtiff, Vm Server, Enterprise Linux | 2024-08-06 | N/A |
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. | ||||
CVE-2016-3627 | 7 Canonical, Debian, Hp and 4 more | 15 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 12 more | 2024-08-06 | 7.5 High |
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. | ||||
CVE-2016-3616 | 4 Canonical, Debian, Libjpeg-turbo and 1 more | 4 Ubuntu Linux, Debian Linux, Libjpeg-turbo and 1 more | 2024-08-06 | N/A |
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. | ||||
CVE-2016-3426 | 2 Oracle, Redhat | 6 Jdk, Jre, Enterprise Linux and 3 more | 2024-08-05 | N/A |
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. | ||||
CVE-2016-3425 | 2 Oracle, Redhat | 5 Jdk, Jre, Jrockit and 2 more | 2024-08-05 | N/A |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. | ||||
CVE-2016-3186 | 3 Libtiff, Opensuse, Redhat | 3 Libtiff, Opensuse, Enterprise Linux | 2024-08-05 | N/A |
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. | ||||
CVE-2016-3191 | 2 Pcre, Redhat | 4 Pcre, Pcre2, Enterprise Linux and 1 more | 2024-08-05 | N/A |
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. | ||||
CVE-2016-3190 | 3 Cairographics, Opensuse, Redhat | 3 Cairo, Opensuse, Enterprise Linux | 2024-08-05 | N/A |
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. | ||||
CVE-2016-3156 | 4 Canonical, Linux, Novell and 1 more | 12 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 9 more | 2024-08-05 | N/A |
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. | ||||
CVE-2016-3115 | 3 Openbsd, Oracle, Redhat | 3 Openssh, Vm Server, Enterprise Linux | 2024-08-05 | N/A |
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |