Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*
There are 763 matching records.
Displaying matches 641 through 660.
Vuln ID Summary CVSS Severity
CVE-2015-3411

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.

Published: May 16, 2016; 6:59:02 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2016-3712

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

Published: May 11, 2016; 5:59:02 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Published: May 11, 2016; 5:59:01 PM -0400
V3.1: 8.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

Published: May 05, 2016; 2:59:08 PM -0400
V3.0: 6.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-3717

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

Published: May 05, 2016; 2:59:07 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2016-3716

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

Published: May 05, 2016; 2:59:06 PM -0400
V3.0: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

Published: May 05, 2016; 2:59:04 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2016-2109

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

Published: May 04, 2016; 9:59:05 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-2108

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Published: May 04, 2016; 9:59:04 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Published: May 04, 2016; 9:59:03 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 2.6 LOW
CVE-2016-2106

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

Published: May 04, 2016; 9:59:02 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-2105

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Published: May 04, 2016; 9:59:01 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-0695

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.

Published: April 21, 2016; 6:59:55 AM -0400
V3.0: 5.9 MEDIUM
V2.0: 2.6 LOW
CVE-2016-0741

slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.

Published: April 19, 2016; 5:59:06 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

Published: April 13, 2016; 12:59:17 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-3068

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

Published: April 13, 2016; 12:59:16 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-2857

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

Published: April 11, 2016; 10:00:07 PM -0400
V3.1: 8.4 HIGH
V2.0: 3.6 LOW
CVE-2015-5229

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.

Published: April 08, 2016; 11:59:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-0636

Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.

Published: March 24, 2016; 2:59:00 PM -0400
V3.0: 8.1 HIGH
V2.0: 9.3 HIGH
CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Published: March 23, 2016; 9:59:30 PM -0400
V3.0: 8.1 HIGH
V2.0: 5.8 MEDIUM