Enterprise Linux Workstation

DATE	CVE	VULNERABILITY TITLE	RISK
2016-05-05	CVE-2016-3715	The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. local low complexity redhat imagemagick canonical oracle suse opensuse	5.5
2016-05-05	CVE-2016-2109	Resource Management Errors vulnerability in multiple products The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. network low complexity openssl redhat CWE-399	7.5
2016-05-05	CVE-2016-2108	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. network low complexity redhat openssl google CWE-119 critical	9.8
2016-05-05	CVE-2016-2107	Information Exposure vulnerability in multiple products The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. network high complexity redhat opensuse openssl google hp nodejs debian canonical CWE-200	5.9
2016-05-05	CVE-2016-2106	Numeric Errors vulnerability in multiple products Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. network low complexity openssl redhat CWE-189	7.5
2016-05-05	CVE-2016-2105	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. network low complexity redhat opensuse oracle apple openssl debian canonical nodejs CWE-190	7.5
2016-04-21	CVE-2016-3427	Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. network low complexity oracle canonical debian netapp apache redhat suse opensuse critical	9.8
2016-04-21	CVE-2016-0695	Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. network high complexity oracle redhat	5.9
2016-04-21	CVE-2016-0651	Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. local low complexity oracle mariadb suse opensuse redhat	5.5
2016-04-21	CVE-2016-0642	Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. local high complexity oracle suse opensuse redhat mariadb debian canonical	4.7