Redhat Enterprise Linux Desktop vulnerabilities
1,928 known vulnerabilities affecting redhat/enterprise_linux_desktop.
Total CVEs
1,928
CISA KEV
56
actively exploited
Public exploits
141
Exploited in wild
61
Severity breakdown
CRITICAL345HIGH708MEDIUM756LOW119
Vulnerabilities
Page 68 of 97
CVE-2016-2106HIGHCVSS 7.5v7.0v6.02016-05-05
CVE-2016-2106 [HIGH] CWE-189 CVE-2016-2106: Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
nvd
CVE-2016-2109HIGHCVSS 7.5v7.0v6.02016-05-05
CVE-2016-2109 [HIGH] CWE-399 CVE-2016-2109: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
nvd
CVE-2016-3718MEDIUMCVSS 5.5KEVPoCv6.0v7.02016-05-05
CVE-2016-3718 [MEDIUM] CWE-918 CVE-2016-3718: The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote a
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
nvd
CVE-2016-3717MEDIUMCVSS 5.5PoCv6.0v7.02016-05-05
CVE-2016-3717 [MEDIUM] CWE-200 CVE-2016-3717: The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to rea
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
nvd
CVE-2016-3715MEDIUMCVSS 5.5KEVPoCv6.0v7.02016-05-05
CVE-2016-3715 [MEDIUM] CWE-552 CVE-2016-3715: The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
nvd
CVE-2016-2107MEDIUMCVSS 5.9PoCv7.0v6.02016-05-05
CVE-2016-2107 [MEDIUM] CVE-2016-2107: The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
nvd
CVE-2016-3716LOWCVSS 3.3PoCv6.0v7.02016-05-05
CVE-2016-3716 [LOW] CWE-264 CVE-2016-3716: The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
nvd
CVE-2016-3427CRITICALCVSS 9.8KEVPoCv5.0v6.0+1 more2016-04-21
CVE-2016-3427 [CRITICAL] CWE-284 CVE-2016-3427: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRocki
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
nvd
CVE-2016-0695MEDIUMCVSS 5.9v5.0v6.0+1 more2016-04-21
CVE-2016-0695 [MEDIUM] CVE-2016-0695: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRocki
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
nvd
CVE-2016-0642MEDIUMCVSS 4.7v7.02016-04-21
CVE-2016-0642 [MEDIUM] CVE-2016-0642: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and ear
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
nvd
CVE-2016-0651MEDIUMCVSS 5.5v7.02016-04-21
CVE-2016-0651 [MEDIUM] CVE-2016-0651: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availabili
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
nvd
CVE-2016-0741HIGHCVSS 7.5v7.02016-04-19
CVE-2016-0741 [HIGH] CWE-399 CVE-2016-0741: slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
nvd
CVE-2010-5325CRITICALCVSS 9.8v6.02016-04-15
CVE-2010-5325 [CRITICAL] CWE-119 CVE-2010-5325: Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.
nvd
CVE-2016-3068HIGHCVSS 8.8v7.02016-04-13
CVE-2016-3068 [HIGH] CWE-20 CVE-2016-3068: Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
nvd
CVE-2016-3069HIGHCVSS 8.8v7.02016-04-13
CVE-2016-3069 [HIGH] CWE-20 CVE-2016-3069: Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when con
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
nvd
CVE-2016-2857HIGHCVSS 8.4v6.0v7.02016-04-12
CVE-2016-2857 [HIGH] CWE-119 CVE-2016-2857: The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
nvd
CVE-2015-5229HIGHCVSS 7.5v7.02016-04-08
CVE-2015-5229 [HIGH] CWE-17 CVE-2015-5229: The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not pro
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
nvd
CVE-2016-1646HIGHCVSS 8.8KEVv6.02016-03-29
CVE-2016-1646 [HIGH] CWE-125 CVE-2016-1646: The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome befo
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
nvd
CVE-2016-1762HIGHCVSS 8.1v6.0v7.02016-03-24
CVE-2016-1762 [HIGH] CWE-119 CVE-2016-1762: The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of servic
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
nvd
CVE-2016-0636HIGHCVSS 8.1v6.0v7.02016-03-24
CVE-2016-0636 [HIGH] CVE-2016-0636: Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect c
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
nvd