Oracle Linux
213 CVEs affecting Oracle Linux. Latest disclosed: 2026-05-01. Critical: 19, High: 69.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-1908 | Critical | 9.8 | 2017-04-11 | The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisio… |
| CVE-2016-2182 | Critical | 9.8 | 2016-09-16 | The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a de… |
| CVE-2016-5408 | Critical | 9.8 | 2016-08-10 | Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows… |
| CVE-2016-5254 | Critical | 9.8 | 2016-08-05 | Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to exe… |
| CVE-2016-2177 | Critical | 9.8 | 2016-06-20 | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (in… |
| CVE-2016-5118 | Critical | 9.8 | 2016-06-10 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at t… |
| CVE-2016-4448 | Critical | 9.8 | 2016-06-09 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. |
| CVE-2015-4643 | Critical | 9.8 | 2016-05-16 | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to e… |
| CVE-2010-5325 | Critical | 9.8 | 2016-04-15 | Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (mem… |
| CVE-2016-1962 | Critical | 9.8 | 2016-03-13 | Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remot… |
| CVE-2016-1930 | Critical | 9.8 | 2016-01-31 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a de… |
| CVE-2015-8668 | Critical | 9.8 | 2016-01-08 | Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbi… |
| CVE-2015-8391 | Critical | 9.8 | 2015-12-02 | The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU… |
| CVE-2015-8386 | Critical | 9.8 | 2015-12-02 | PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of ser… |
| CVE-2016-3610 | Critical | 9.6 | 2016-07-21 | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via v… |
| CVE-2016-3606 | Critical | 9.6 | 2016-07-21 | Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availabi… |
| CVE-2016-3598 | Critical | 9.6 | 2016-07-21 | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via v… |
| CVE-2016-3587 | Critical | 9.6 | 2016-07-21 | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via v… |
| CVE-2015-7512 | Critical | 9.0 | 2016-01-08 | Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of servic… |
| CVE-2016-5264 | High | 8.8 | 2016-08-05 | Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows… |