VYPR

Enterprise Linux Hpc Node

by Red Hat

CVEs (143)

  • CVE-2016-2107MedMay 5, 2016
    risk 0.48cvss 5.9epss 0.89

    The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE:…

  • CVE-2016-4989HigApr 11, 2017
    risk 0.46cvss 7.0epss 0.00

    setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3)…

  • CVE-2016-4446HigApr 11, 2017
    risk 0.46cvss 7.0epss 0.00

    The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.

  • CVE-2016-4445HigApr 11, 2017
    risk 0.46cvss 7.0epss 0.00

    The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.

  • CVE-2016-4444HigApr 11, 2017
    risk 0.46cvss 7.0epss 0.00

    The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.

  • CVE-2015-5261HigJun 7, 2016
    risk 0.46cvss 7.1epss 0.00

    Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

  • CVE-2016-0758HigJun 27, 2016
    risk 0.44cvss 7.8epss 0.00

    Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.

  • CVE-2015-4598MedMay 16, 2016
    risk 0.43cvss 6.5epss 0.04

    PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD…

  • CVE-2015-3411MedMay 16, 2016
    risk 0.43cvss 6.5epss 0.03

    PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the…

  • CVE-2015-5219HigJul 21, 2017
    risk 0.42cvss 7.5epss 0.06

    The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

  • CVE-2015-5195HigJul 21, 2017
    risk 0.42cvss 7.5epss 0.07

    ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

  • CVE-2015-5194HigJul 21, 2017
    risk 0.42cvss 7.5epss 0.06

    The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

  • CVE-2016-3717MedMay 5, 2016
    risk 0.40cvss 5.5epss 0.20

    The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

  • CVE-2016-0695MedApr 21, 2016
    risk 0.39cvss 5.9epss 0.03

    Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.

  • CVE-2015-3149MedJul 25, 2017
    risk 0.36cvss 5.5epss 0.00

    The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

  • CVE-2016-5410MedApr 19, 2017
    risk 0.36cvss 5.5epss 0.00

    firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.

  • CVE-2016-7796MedOct 13, 2016
    risk 0.36cvss 5.5epss 0.01

    The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.

  • CVE-2016-4470MedJun 27, 2016
    risk 0.36cvss 5.5epss 0.01

    The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

  • CVE-2015-3412MedMay 16, 2016
    risk 0.35cvss 5.3epss 0.04

    PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in…

  • CVE-2016-7091MedDec 22, 2016
    risk 0.29cvss 4.4epss 0.00

    sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline…

Page 3 of 8