Vulnerabilities > Redhat > Enterprise Linux Server > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-05-05 | CVE-2016-2105 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | 7.5 |
2016-04-19 | CVE-2016-0741 | Resource Management Errors vulnerability in multiple products slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection. | 7.5 |
2016-04-13 | CVE-2016-3069 | Improper Input Validation vulnerability in multiple products Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. | 8.8 |
2016-04-13 | CVE-2016-3068 | Improper Input Validation vulnerability in multiple products Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | 8.8 |
2016-04-12 | CVE-2016-2857 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. | 8.4 |
2016-04-08 | CVE-2015-5229 | Code vulnerability in Redhat products The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. | 7.5 |
2016-03-29 | CVE-2016-1646 | Out-of-bounds Read vulnerability in multiple products The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. | 8.8 |
2016-03-24 | CVE-2016-0636 | Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. | 8.1 |
2016-03-24 | CVE-2016-1762 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | 8.1 |
2016-02-18 | CVE-2015-7547 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. | 8.1 |