CVEs (474)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
3Canonical LibarchiveSuse5Libarchive Linux Enterprise DesktopLinux Enterprise Server+2 moreMay 6, 2026 Sep 20, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. |
3Canonical LibarchiveSuse5Libarchive Linux Enterprise DesktopLinux Enterprise Server+2 moreMay 6, 2026 Sep 20, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. |
3Canonical LibarchiveSuse5Libarchive Linux Enterprise DesktopLinux Enterprise Server+2 moreMay 6, 2026 Sep 20, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. |
4Debian OpensusePhp+1 more7Debian Linux LeapLinux Enterprise Debuginfo+4 moreMay 6, 2026 Aug 7, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (applic...Show more |
5Novell NtpOpensuse+2 more9Leap Linux Enterprise DesktopLinux Enterprise Server+6 moreMay 6, 2026 Jul 5, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. |
6Novell NtpOpensuse+3 more10Leap Linux Enterprise DesktopLinux Enterprise Server+7 moreMay 6, 2026 Jul 5, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete...Show more |
6Novell NtpOpensuse+3 more10Leap Linux Enterprise DesktopLinux Enterprise Server+7 moreMay 6, 2026 Jul 5, 2016 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet wit...Show more |
5Ntp OpensuseOracle+2 more12Leap Linux Enterprise DesktopLinux Enterprise Server+9 moreMay 6, 2026 Jul 5, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a...Show more |
5Ntp OpensuseOracle+2 more12Leap Linux Enterprise DesktopLinux Enterprise Server+9 moreMay 6, 2026 Jul 5, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. |
4Fedoraproject LinuxRedhat+1 more11Enterprise Linux FedoraLinux Enterprise Debuginfo+8 moreMay 6, 2026 Jun 27, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by...Show more |
7Canonical DebianGraphicsmagick+4 more14Debian Linux GraphicsmagickImagemagick+11 moreMay 6, 2026 Jun 10, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. |
3Ibm RedhatSuse6Java Sdk Linux Enterprise ServerLinux Enterprise Software Development Kit+3 moreMay 6, 2026 Jun 6, 2016 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-...Show more |
9Apple CanonicalDebian+6 more14Debian Linux FirefoxLeap+11 moreMay 6, 2026 May 26, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. |
3Ibm RedhatSuse13Enterprise Linux Desktop Enterprise Linux Hpc Node SupplementaryEnterprise Linux Server+10 moreMay 6, 2026 May 24, 2016 N/A· v4 5.6 MEDIUM· v3 6.8 MEDIUM· v2 Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8...Show more |
6Canonical ImagemagickOpensuse+3 more30Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux For Ibm Z Systems+27 moreApr 22, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. |
6Canonical ImagemagickOpensuse+3 more30Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux For Ibm Z Systems+27 moreApr 22, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 5.8 MEDIUM· v2 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. |
2Linux Suse8Linux Enterprise Debuginfo Linux Enterprise DesktopLinux Enterprise Module For Public Cloud+5 moreMay 6, 2026 Apr 27, 2016 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspec...Show more |
3Linux NovellSuse11Linux Enterprise Live Patching Linux Enterprise ServerLinux Kernel+8 moreMay 6, 2026 Apr 27, 2016 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (in...Show more |
8Apache CanonicalDebian+5 more38Cassandra Debian LinuxE Series Santricity Management Plug Ins+35 moreApr 22, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. |
6Canonical DebianMariadb+3 more10Debian Linux LeapLinux Enterprise Desktop+7 moreMay 6, 2026 Apr 21, 2016 N/A· v4 4.1 MEDIUM· v3 1.7 LOW· v2 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. |