Redhat » Enterprise Linux Server : Security Vulnerabilities, CVEs, Published In 2016 (Denial of service) CVSS score >= 4
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
Max CVSS
7.5
EPSS Score
95.07%
Published
2016-11-02
Updated
2020-08-17
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-10-13
Updated
2023-09-12
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
Max CVSS
5.5
EPSS Score
1.00%
Published
2016-09-21
Updated
2019-12-27
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
Max CVSS
6.5
EPSS Score
0.64%
Published
2016-09-21
Updated
2019-12-27
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
Max CVSS
5.5
EPSS Score
0.07%
Published
2016-08-02
Updated
2021-08-04
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Max CVSS
8.8
EPSS Score
10.58%
Published
2016-07-23
Updated
2019-03-26
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
Max CVSS
7.8
EPSS Score
0.06%
Published
2016-06-01
Updated
2023-02-12
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
Max CVSS
6.5
EPSS Score
1.81%
Published
2016-07-12
Updated
2023-02-12
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
Max CVSS
7.5
EPSS Score
0.81%
Published
2016-09-21
Updated
2019-12-27
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-06-27
Updated
2023-02-12
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-05-11
Updated
2023-02-12
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
Max CVSS
8.1
EPSS Score
2.16%
Published
2016-06-13
Updated
2023-02-12
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
Max CVSS
7.5
EPSS Score
0.67%
Published
2016-05-17
Updated
2024-02-10
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
Max CVSS
8.4
EPSS Score
0.06%
Published
2016-04-12
Updated
2023-02-12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
8.8
EPSS Score
0.77%
Published
2016-06-13
Updated
2023-09-12
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
Max CVSS
5.9
EPSS Score
93.44%
Published
2016-07-19
Updated
2020-08-25
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
Max CVSS
7.8
EPSS Score
84.18%
Published
2016-05-05
Updated
2022-12-13
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
Max CVSS
10.0
EPSS Score
89.33%
Published
2016-05-05
Updated
2022-12-13
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
Max CVSS
7.5
EPSS Score
32.80%
Published
2016-05-05
Updated
2022-12-13
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
Max CVSS
7.5
EPSS Score
8.66%
Published
2016-05-05
Updated
2022-12-13
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Max CVSS
7.8
EPSS Score
0.37%
Published
2016-05-20
Updated
2019-03-25
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Max CVSS
5.5
EPSS Score
0.24%
Published
2016-05-20
Updated
2019-03-25
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Max CVSS
5.5
EPSS Score
0.24%
Published
2016-05-20
Updated
2019-03-25
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
Max CVSS
5.5
EPSS Score
0.47%
Published
2016-05-20
Updated
2019-03-25
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
Max CVSS
5.5
EPSS Score
1.15%
Published
2016-05-20
Updated
2019-03-25