Vulnerabilities > Redhat > Enterprise Linux Server EUS

DATE CVE VULNERABILITY TITLE RISK
2016-05-11 CVE-2016-3712 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
5.5
2016-05-11 CVE-2016-3710 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
8.8
2016-05-05 CVE-2016-3717 Information Exposure vulnerability in multiple products
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
local
low complexity
canonical redhat imagemagick CWE-200
5.5
2016-05-05 CVE-2016-3716 Permissions, Privileges, and Access Controls vulnerability in multiple products
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
local
low complexity
canonical imagemagick redhat CWE-264
3.3
2016-05-05 CVE-2016-2109 Resource Management Errors vulnerability in multiple products
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
network
low complexity
openssl redhat CWE-399
7.5
2016-05-05 CVE-2016-2108 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
network
low complexity
redhat openssl google CWE-119
critical
9.8
2016-05-05 CVE-2016-2107 Information Exposure vulnerability in multiple products
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session.
5.9
2016-05-05 CVE-2016-2106 Numeric Errors vulnerability in multiple products
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
network
low complexity
openssl redhat CWE-189
7.5
2016-05-05 CVE-2016-2105 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
7.5
2016-05-02 CVE-2015-4170 Race Condition vulnerability in multiple products
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.
local
high complexity
linux redhat CWE-362
4.7