Enterprise Linux Server AUS

DATE	CVE	VULNERABILITY TITLE	RISK
2016-05-05	CVE-2016-2106	Numeric Errors vulnerability in multiple products Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. network low complexity openssl redhat CWE-189	7.5
2016-05-05	CVE-2016-2105	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. network low complexity redhat opensuse oracle apple openssl debian canonical nodejs CWE-190	7.5
2016-04-21	CVE-2016-3427	Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. network low complexity oracle canonical debian netapp apache redhat suse opensuse critical	9.8
2016-04-21	CVE-2016-0695	Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. network high complexity oracle redhat	5.9
2016-04-21	CVE-2016-0651	Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. local low complexity oracle mariadb suse opensuse redhat	5.5
2016-04-21	CVE-2016-0642	Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. local high complexity oracle suse opensuse redhat mariadb debian canonical	4.7
2016-04-13	CVE-2016-3069	Improper Input Validation vulnerability in multiple products Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. network low complexity mercurial debian suse opensuse fedoraproject redhat CWE-20	8.8
2016-04-13	CVE-2016-3068	Improper Input Validation vulnerability in multiple products Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. network low complexity debian mercurial fedoraproject redhat suse opensuse CWE-20	8.8
2016-04-12	CVE-2016-2857	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. local low complexity qemu canonical debian redhat CWE-119	8.4
2016-04-08	CVE-2015-5229	Code vulnerability in Redhat products The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. network low complexity redhat CWE-17	7.5