Vulnerabilities > Redhat > Enterprise Linux Server EUS

DATE CVE VULNERABILITY TITLE RISK
2016-04-21 CVE-2016-3427 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
network
low complexity
oracle canonical debian netapp apache redhat suse opensuse
critical
9.8
2016-04-21 CVE-2016-0695 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
network
high complexity
oracle redhat
5.9
2016-04-15 CVE-2010-5325 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.
network
low complexity
redhat linuxfoundation oracle CWE-119
critical
9.8
2016-04-13 CVE-2016-3069 Improper Input Validation vulnerability in multiple products
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
8.8
2016-04-13 CVE-2016-3068 Improper Input Validation vulnerability in multiple products
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
8.8
2016-04-08 CVE-2015-5229 Code vulnerability in Redhat products
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
network
low complexity
redhat CWE-17
7.5
2016-03-24 CVE-2016-1762 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
network
low complexity
apple debian canonical xmlsoft redhat mcafee CWE-119
8.1
2016-02-18 CVE-2015-7547 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
8.1
2015-07-14 CVE-2015-5123 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
network
low complexity
redhat suse opensuse adobe CWE-416
critical
9.8
2015-07-14 CVE-2015-5122 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
network
low complexity
adobe redhat suse opensuse CWE-416
critical
9.8