Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-1660 3Google OpensuseRedhat 6Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+3 more May 6, 2026 May 14, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write)...Show more Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.Show less
CVE-2016-3712 6Canonical CitrixDebian+3 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more May 6, 2026 May 11, 2016 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
CVE-2016-3710 7Canonical CitrixDebian+4 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Server+12 more May 6, 2026 May 11, 2016 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the ban...Show more The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.Show less
CVE-2016-4117 4Adobe OpensuseRedhat+1 more 9Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server From Rhui+6 more Apr 21, 2026 May 11, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
CVE-2016-3718 6Canonical ImagemagickOpensuse+3 more 30Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux For Ibm Z Systems+27 more Apr 22, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2016-3717 3Canonical ImagemagickRedhat 10Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+7 more May 6, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVE-2016-3716 3Canonical ImagemagickRedhat 10Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+7 more May 6, 2026 May 5, 2016 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVE-2016-3715 6Canonical ImagemagickOpensuse+3 more 30Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux For Ibm Z Systems+27 more Apr 22, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 5.8 MEDIUM· v2 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-2109 2Openssl Redhat 8Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+5 more May 6, 2026 May 5, 2016 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a sh...Show more The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.Show less
CVE-2016-2108 3Google OpensslRedhat 9Android Enterprise Linux DesktopEnterprise Linux Hpc Node+6 more May 6, 2026 May 5, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafte...Show more The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.Show less
CVE-2016-2107 8Canonical DebianGoogle+5 more 15Android Debian LinuxEnterprise Linux Desktop+12 more May 6, 2026 May 5, 2016 N/A· v4 5.9 MEDIUM· v3 2.6 LOW· v2 The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a...Show more The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.Show less
CVE-2016-2106 2Openssl Redhat 8Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+5 more May 6, 2026 May 5, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount...Show more Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.Show less
CVE-2016-2105 8Apple CanonicalDebian+5 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+12 more May 6, 2026 May 5, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount o...Show more Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.Show less
CVE-2015-4170 2Linux Redhat 6Enterprise Linux Compute Node Eus Enterprise Linux For Ibm Z Systems EusEnterprise Linux For Power Big Endian Eus+3 more May 6, 2026 May 2, 2016 N/A· v4 4.7 MEDIUM· v3 4.7 MEDIUM· v2 Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by...Show more Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.Show less
CVE-2015-1350 2Linux Redhat 3Enterprise Linux Enterprise MrgLinux Kernel May 6, 2026 May 2, 2016 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of servic...Show more The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.Show less
CVE-2016-2143 4Debian LinuxOracle+1 more 4Debian Linux Enterprise LinuxLinux+1 more May 6, 2026 Apr 27, 2016 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified ot...Show more The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.Show less
CVE-2016-3427 8Apache CanonicalDebian+5 more 38Cassandra Debian LinuxE Series Santricity Management Plug Ins+35 more Apr 22, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2016-0695 2Oracle Redhat 12Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+9 more May 6, 2026 Apr 21, 2016 N/A· v4 5.9 MEDIUM· v3 2.6 LOW· v2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
CVE-2016-0666 6Debian IbmMariadb+3 more 7Debian Linux Enterprise LinuxLeap+4 more May 6, 2026 Apr 21, 2016 N/A· v4 5.5 MEDIUM· v3 3.5 LOW· v2 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availabili...Show more Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.Show less
CVE-2016-0665 3Canonical OracleRedhat 3Enterprise Linux MysqlUbuntu Linux May 6, 2026 Apr 21, 2016 N/A· v4 5.5 MEDIUM· v3 3.5 LOW· v2 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption.

Previous 1...196197198...284 Next