Filtered by vendor Redhat Subscriptions
Total 22914 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-5402 1 Redhat 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine 2024-11-21 N/A
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.
CVE-2016-5397 2 Apache, Redhat 3 Thrift, Jboss Data Virtualization, Jboss Fuse 2024-11-21 N/A
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
CVE-2016-5314 4 Debian, Libtiff, Opensuse and 1 more 5 Debian Linux, Libtiff, Leap and 2 more 2024-11-21 N/A
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
CVE-2016-5297 3 Debian, Mozilla, Redhat 5 Debian Linux, Firefox, Firefox Esr and 2 more 2024-11-21 N/A
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVE-2016-5296 3 Debian, Mozilla, Redhat 5 Debian Linux, Firefox, Firefox Esr and 2 more 2024-11-21 N/A
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVE-2016-5291 3 Debian, Mozilla, Redhat 5 Debian Linux, Firefox, Firefox Esr and 2 more 2024-11-21 N/A
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVE-2016-5290 3 Debian, Mozilla, Redhat 5 Debian Linux, Firefox, Firefox Esr and 2 more 2024-11-21 N/A
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVE-2016-5285 5 Avaya, Debian, Mozilla and 2 more 32 Aura Application Enablement Services, Aura Application Server 5300, Aura Communication Manager and 29 more 2024-11-21 7.5 High
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
CVE-2016-5202 5 Apple, Google, Linux and 2 more 5 Macos, Chrome, Linux Kernel and 2 more 2024-11-21 9.1 Critical
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy.
CVE-2016-5194 2 Google, Redhat 2 Chrome, Rhel Extras 2024-11-21 9.8 Critical
Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.
CVE-2016-4983 3 Dovecot, Opensuse, Redhat 4 Dovecot, Leap, Opensuse and 1 more 2024-11-21 3.3 Low
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
CVE-2016-4980 3 Ethz, Fedoraproject, Redhat 3 Xquest, Fedora, Enterprise Linux 2024-11-21 2.5 Low
A password generation weakness exists in xquest through 2016-06-13.
CVE-2016-4975 2 Apache, Redhat 3 Http Server, Enterprise Linux, Jboss Core Services 2024-11-21 N/A
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
CVE-2016-3709 2 Redhat, Xmlsoft 3 Enterprise Linux, Rhel Eus, Libxml2 2024-11-21 6.1 Medium
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
CVE-2016-2125 2 Redhat, Samba 10 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 7 more 2024-11-21 6.5 Medium
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
CVE-2016-2124 5 Canonical, Debian, Fedoraproject and 2 more 26 Ubuntu Linux, Debian Linux, Fedora and 23 more 2024-11-21 5.9 Medium
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
CVE-2016-2121 1 Redhat 1 Openstack 2024-11-21 N/A
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.
CVE-2016-10750 2 Hazelcast, Redhat 2 Hazelcast, Jboss Fuse 2024-11-21 N/A
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.
CVE-2016-10746 2 Debian, Redhat 2 Debian Linux, Libvirt 2024-11-21 N/A
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
CVE-2016-10745 2 Palletsprojects, Redhat 9 Jinja, Enterprise Linux, Rhel Aus and 6 more 2024-11-21 N/A
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.