CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat » Enterprise Linux Workstation : Security Vulnerabilities Published In 2016 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-7865 704 Exec Code 2016-11-08 2019-05-16
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
2 CVE-2016-7864 416 Exec Code 2016-11-08 2019-05-15
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
3 CVE-2016-7863 416 Exec Code 2016-11-08 2019-05-16
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
4 CVE-2016-7862 416 Exec Code 2016-11-08 2019-05-15
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
5 CVE-2016-7861 704 Exec Code 2016-11-08 2019-05-15
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
6 CVE-2016-7860 704 Exec Code 2016-11-08 2019-05-15
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
7 CVE-2016-7859 416 Exec Code 2016-11-08 2019-05-16
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
8 CVE-2016-7858 416 Exec Code 2016-11-08 2019-05-16
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
9 CVE-2016-7857 416 Exec Code 2016-11-08 2019-05-16
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
10 CVE-2016-7855 416 Exec Code 2016-11-01 2019-05-16
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
11 CVE-2016-6662 264 Exec Code Bypass 2016-09-20 2019-06-03
10.0
None Remote Low Not required Complete Complete Complete
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
12 CVE-2016-5408 119 Exec Code Overflow 2016-08-10 2019-12-27
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.
13 CVE-2016-5126 787 DoS Exec Code Overflow 2016-06-01 2020-10-15
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
14 CVE-2016-4302 119 Exec Code Overflow 2016-09-21 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
15 CVE-2016-4300 190 Exec Code Overflow 2016-09-21 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
16 CVE-2016-4273 119 DoS Exec Code Overflow Mem. Corr. 2016-10-13 2019-08-19
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.
17 CVE-2016-4171 Exec Code 2016-06-16 2017-01-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
18 CVE-2016-3710 119 Exec Code Overflow 2016-05-11 2020-05-14
7.2
None Local Low Not required Complete Complete Complete
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
19 CVE-2016-3069 20 Exec Code 2016-04-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
20 CVE-2016-3068 20 Exec Code 2016-04-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
21 CVE-2016-2818 119 DoS Exec Code Overflow Mem. Corr. 2016-06-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
22 CVE-2016-2108 119 DoS Exec Code Overflow Mem. Corr. 2016-05-05 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
23 CVE-2016-1840 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2019-03-25
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
24 CVE-2016-1834 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2019-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
25 CVE-2016-0376 Exec Code Bypass 2016-06-03 2019-06-24
5.1
None Remote High Not required Partial Partial Partial
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
26 CVE-2016-0264 119 Exec Code Overflow 2016-05-24 2019-06-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
27 CVE-2015-7547 119 DoS Exec Code Overflow 2016-02-18 2018-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
28 CVE-2015-7512 120 DoS Exec Code Overflow 2016-01-08 2020-09-09
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
29 CVE-2015-5260 119 DoS Exec Code Overflow Mem. Corr. 2016-06-07 2017-09-16
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
30 CVE-2015-4643 119 Exec Code Overflow 2016-05-16 2019-12-27
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.
31 CVE-2015-4605 20 DoS Exec Code 2016-05-16 2019-04-22
5.0
None Remote Low Not required None None Partial
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
32 CVE-2015-4604 20 DoS Exec Code 2016-05-16 2019-04-22
5.0
None Remote Low Not required None None Partial
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
33 CVE-2015-4603 Exec Code 2016-05-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
34 CVE-2015-4602 DoS Exec Code 2016-05-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
35 CVE-2015-4601 DoS Exec Code 2016-05-16 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.
36 CVE-2015-4600 DoS Exec Code 2016-05-16 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.
37 CVE-2015-4599 DoS Exec Code +Info 2016-05-16 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
38 CVE-2010-5325 119 DoS Exec Code Overflow Mem. Corr. 2016-04-15 2019-12-27
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.
Total number of vulnerabilities : 38   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.