Vulnerabilities > Redhat > Enterprise Linux Server EUS > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-16 CVE-2015-4605 Improper Input Validation vulnerability in multiple products
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
network
low complexity
php redhat CWE-20
7.5
2016-05-16 CVE-2015-4604 Improper Input Validation vulnerability in multiple products
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
network
low complexity
php redhat CWE-20
7.5
2016-05-11 CVE-2016-3710 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
8.8
2016-05-05 CVE-2016-2109 Resource Management Errors vulnerability in multiple products
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
network
low complexity
openssl redhat CWE-399
7.5
2016-05-05 CVE-2016-2106 Numeric Errors vulnerability in multiple products
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
network
low complexity
openssl redhat CWE-189
7.5
2016-05-05 CVE-2016-2105 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
7.5
2016-04-13 CVE-2016-3069 Improper Input Validation vulnerability in multiple products
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
8.8
2016-04-13 CVE-2016-3068 Improper Input Validation vulnerability in multiple products
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
8.8
2016-04-08 CVE-2015-5229 Code vulnerability in Redhat products
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
network
low complexity
redhat CWE-17
7.5
2016-03-24 CVE-2016-1762 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
network
low complexity
apple debian canonical xmlsoft redhat mcafee CWE-119
8.1