Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Workstation Subscriptions
Total 1849 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-9636 3 Debian, Gstreamer, Redhat 7 Debian Linux, Gstreamer, Enterprise Linux and 4 more 2024-08-06 N/A
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
CVE-2016-9635 3 Debian, Gstreamer, Redhat 7 Debian Linux, Gstreamer, Enterprise Linux and 4 more 2024-08-06 N/A
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
CVE-2016-9634 3 Debian, Gstreamer, Redhat 7 Debian Linux, Gstreamer, Enterprise Linux and 4 more 2024-08-06 N/A
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
CVE-2016-9578 3 Debian, Redhat, Spice Project 8 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-08-06 N/A
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
CVE-2016-9603 4 Citrix, Debian, Qemu and 1 more 10 Xenserver, Debian Linux, Qemu and 7 more 2024-08-06 N/A
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
CVE-2016-9577 3 Debian, Redhat, Spice Project 8 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-08-06 N/A
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
CVE-2016-9583 3 Jasper Project, Oracle, Redhat 9 Jasper, Outside In Technology, Enterprise Linux and 6 more 2024-08-06 N/A
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
CVE-2016-9579 2 Canonical, Redhat 8 Ubuntu Linux, Ceph Storage, Ceph Storage Mon and 5 more 2024-08-06 N/A
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
CVE-2016-9573 3 Debian, Redhat, Uclouvain 8 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-08-06 N/A
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
CVE-2016-9446 3 Fedoraproject, Gstreamer Project, Redhat 9 Fedora, Gstreamer, Enterprise Linux and 6 more 2024-08-06 7.5 High
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
CVE-2016-9560 3 Debian, Jasper Project, Redhat 9 Debian Linux, Jasper, Enterprise Linux and 6 more 2024-08-06 7.8 High
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
CVE-2016-9401 3 Debian, Gnu, Redhat 9 Debian Linux, Bash, Enterprise Linux and 6 more 2024-08-06 5.5 Medium
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
CVE-2016-9079 5 Debian, Microsoft, Mozilla and 2 more 12 Debian Linux, Windows, Firefox and 9 more 2024-08-06 N/A
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
CVE-2016-8864 4 Debian, Isc, Netapp and 1 more 16 Debian Linux, Bind, Data Ontap Edge and 13 more 2024-08-06 7.5 High
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
CVE-2016-8635 2 Mozilla, Redhat 8 Network Security Services, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-08-06 N/A
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
CVE-2016-8654 3 Debian, Jasper Project, Redhat 8 Debian Linux, Jasper, Enterprise Linux and 5 more 2024-08-06 N/A
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
CVE-2016-8626 1 Redhat 5 Ceph, Ceph Storage, Enterprise Linux Desktop and 2 more 2024-08-06 N/A
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.
CVE-2016-8610 7 Debian, Fujitsu, Netapp and 4 more 55 Debian Linux, M10-1, M10-1 Firmware and 52 more 2024-08-06 7.5 High
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
CVE-2016-7863 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2024-08-06 N/A
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7865 6 Adobe, Apple, Google and 3 more 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more 2024-08-06 N/A
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.