Enterprise Linux Desktop

enterprise_linux_desktop

Vendor: Redhat • 1,928 CVEs

CVEs (1,928)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-4809 3Libarchive OracleRedhat 9Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+6 more May 6, 2026 Sep 21, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large...Show more The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.Show less
CVE-2016-4302 2Libarchive Redhat 8Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+5 more May 6, 2026 Sep 21, 2016 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
CVE-2016-4300 2Libarchive Redhat 8Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+5 more May 6, 2026 Sep 21, 2016 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, w...Show more Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.Show less
CVE-2016-6662 5Debian MariadbOracle+2 more 12Debian Linux Enterprise LinuxEnterprise Linux Desktop+9 more May 6, 2026 Sep 20, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5...Show more Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.Show less
CVE-2016-5403 5Canonical DebianOracle+2 more 13Debian Linux Enterprise Linux DesktopEnterprise Linux Server+10 more May 6, 2026 Aug 2, 2016 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion...Show more The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.Show less
CVE-2016-5131 8Apple CanonicalDebian+5 more 14Chrome Debian LinuxEnterprise Linux Desktop+11 more May 6, 2026 Jul 23, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to t...Show more Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.Show less
CVE-2016-5444 4Ibm MariadbOracle+1 more 11Enterprise Linux Enterprise Linux DesktopEnterprise Linux Server+8 more May 6, 2026 Jul 21, 2016 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confi...Show more Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.Show less
CVE-2016-5440 6Canonical DebianIbm+3 more 12Debian Linux Enterprise Linux DesktopEnterprise Linux Server+9 more May 6, 2026 Jul 21, 2016 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect...Show more Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.Show less
CVE-2016-2775 4Fedoraproject HpIsc+1 more 9Bind Enterprise Linux DesktopEnterprise Linux Eus+6 more May 6, 2026 Jul 19, 2016 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request...Show more ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.Show less
CVE-2016-5388 4Apache HpOracle+1 more 11Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+8 more May 6, 2026 Jul 19, 2016 N/A· v4 8.1 HIGH· v3 5.1 MEDIUM· v2 Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_...Show more Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.Show less
CVE-2016-5387 8Apache CanonicalDebian+5 more 20Communications User Data Repository Debian LinuxEnterprise Linux Desktop+17 more May 6, 2026 Jul 19, 2016 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remot...Show more The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.Show less
CVE-2016-5385 8Debian DrupalFedoraproject+5 more 13Communications User Data Repository Debian LinuxDrupal+10 more May 6, 2026 Jul 19, 2016 N/A· v4 8.1 HIGH· v3 5.1 MEDIUM· v2 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, whi...Show more PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.Show less
CVE-2016-5009 1Redhat 7Ceph Ceph Storage MonCeph Storage Osd+4 more May 6, 2026 Jul 12, 2016 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
CVE-2016-1704 5Canonical GoogleNovell+2 more 8Chrome Enterprise Linux DesktopEnterprise Linux Server+5 more May 6, 2026 Jul 3, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-4470 4Linux NovellOracle+1 more 14Enterprise Linux Enterprise Linux DesktopEnterprise Linux For Real Time+11 more May 6, 2026 Jun 27, 2016 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash)...Show more The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.Show less
CVE-2016-0758 3Canonical LinuxRedhat 9Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+6 more May 6, 2026 Jun 27, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
CVE-2016-4171 4Adobe OpensuseRedhat+1 more 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+4 more Apr 21, 2026 Jun 16, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
CVE-2016-4156 4Adobe OpensuseRedhat+1 more 8Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+5 more May 6, 2026 Jun 16, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different...Show more Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.Show less
CVE-2016-4155 4Adobe OpensuseRedhat+1 more 8Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+5 more May 6, 2026 Jun 16, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different...Show more Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.Show less
CVE-2016-4154 4Adobe OpensuseRedhat+1 more 8Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+5 more May 6, 2026 Jun 16, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different...Show more Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.Show less

Previous 1...616263...97 Next