Redhat: >> Enterprise Linux Hpc Node Eus >> 7.2 Security Vulnerabilities
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
CVSS Score
7.1
EPSS Score
0.001
Published
2016-06-09
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.205
Published
2016-06-09
CVE-2016-3718
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
Known exploited
CVSS Score
5.5
EPSS Score
0.904
Published
2016-05-05
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVSS Score
5.5
EPSS Score
0.392
Published
2016-05-05
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVSS Score
3.3
EPSS Score
0.443
Published
2016-05-05
CVE-2016-3715
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
Known exploited
CVSS Score
5.5
EPSS Score
0.894
Published
2016-05-05
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
CVSS Score
7.5
EPSS Score
0.376
Published
2016-05-05
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
CVSS Score
9.8
EPSS Score
0.326
Published
2016-05-05
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
CVSS Score
5.9
EPSS Score
0.785
Published
2016-05-05
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
CVSS Score
7.5
EPSS Score
0.393
Published
2016-05-05