Filtered by vendor Redhat Subscriptions
Filtered by product Jboss Core Services Subscriptions
Total 310 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-5420 4 Debian, Haxx, Opensuse and 1 more 6 Debian Linux, Libcurl, Leap and 3 more 2024-11-21 N/A
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
CVE-2016-5419 4 Debian, Haxx, Opensuse and 1 more 6 Debian Linux, Libcurl, Leap and 3 more 2024-11-21 N/A
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
CVE-2016-5387 8 Apache, Canonical, Debian and 5 more 22 Http Server, Ubuntu Linux, Debian Linux and 19 more 2024-11-21 8.1 High
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
CVE-2016-5131 8 Apple, Canonical, Debian and 5 more 18 Iphone Os, Mac Os X, Tvos and 15 more 2024-11-21 N/A
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
CVE-2016-4975 2 Apache, Redhat 3 Http Server, Enterprise Linux, Jboss Core Services 2024-11-21 N/A
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
CVE-2016-4483 4 Debian, Oracle, Redhat and 1 more 4 Debian Linux, Solaris, Jboss Core Services and 1 more 2024-11-21 7.5 High
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
CVE-2016-4459 1 Redhat 4 Enterprise Linux, Jboss Core Services, Jboss Enterprise Application Platform and 1 more 2024-11-21 N/A
Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.
CVE-2016-4449 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2024-11-21 N/A
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
CVE-2016-4448 9 Apple, Hp, Mcafee and 6 more 22 Icloud, Iphone Os, Itunes and 19 more 2024-11-21 9.8 Critical
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2016-4447 9 Apple, Canonical, Debian and 6 more 14 Iphone Os, Itunes, Mac Os X and 11 more 2024-11-21 N/A
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2016-3705 6 Canonical, Debian, Hp and 3 more 8 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 5 more 2024-11-21 N/A
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
CVE-2016-3627 7 Canonical, Debian, Hp and 4 more 15 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 12 more 2024-11-21 7.5 High
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
CVE-2016-2842 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Jboss Core Services and 1 more 2024-11-21 N/A
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
CVE-2016-2183 6 Cisco, Nodejs, Openssl and 3 more 14 Content Security Management Appliance, Node.js, Openssl and 11 more 2024-11-21 7.5 High
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
CVE-2016-2182 4 Hp, Openssl, Oracle and 1 more 8 Icewall Federation Agent, Icewall Mcrp, Icewall Sso and 5 more 2024-11-21 N/A
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-2178 7 Canonical, Debian, Nodejs and 4 more 10 Ubuntu Linux, Debian Linux, Node.js and 7 more 2024-11-21 5.5 Medium
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
CVE-2016-2177 4 Hp, Openssl, Oracle and 1 more 9 Icewall Mcrp, Icewall Sso, Icewall Sso Agent Option and 6 more 2024-11-21 N/A
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
CVE-2016-2161 2 Apache, Redhat 4 Http Server, Enterprise Linux, Jboss Core Services and 1 more 2024-11-21 N/A
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
CVE-2016-2109 2 Openssl, Redhat 12 Openssl, Enterprise Linux, Enterprise Linux Desktop and 9 more 2024-11-21 N/A
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
CVE-2016-2108 3 Google, Openssl, Redhat 13 Android, Openssl, Enterprise Linux and 10 more 2024-11-21 N/A
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.