National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:redhat:enterprise_linux_hpc_node:6.0
There are 58 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2015-3149

The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

Published: July 25, 2017; 02:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Published: July 21, 2017; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Published: July 21, 2017; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2015-5195

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

Published: July 21, 2017; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2015-5194

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Published: July 21, 2017; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-5416

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.

Published: June 08, 2017; 03:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-5405

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.

Published: June 08, 2017; 03:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 5.0 MEDIUM
CVE-2016-4992

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.

Published: June 08, 2017; 03:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-4455

The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.

Published: April 14, 2017; 02:59:00 PM -04:00
V3: 3.3 LOW
V2: 2.1 LOW
CVE-2016-9636

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.

Published: January 27, 2017; 05:59:02 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-9635

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.

Published: January 27, 2017; 05:59:01 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-9634

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.

Published: January 27, 2017; 05:59:01 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-7545

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

Published: January 19, 2017; 03:59:00 PM -05:00
V3: 8.8 HIGH
V2: 7.2 HIGH
CVE-2016-6325

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Published: October 13, 2016; 10:59:09 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2016-7166

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

Published: September 21, 2016; 10:25:29 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-5844

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

Published: September 21, 2016; 10:25:16 AM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

Published: September 21, 2016; 10:25:13 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-4809

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

Published: September 21, 2016; 10:25:05 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

Published: July 18, 2016; 10:00:20 PM -04:00
V3: 8.1 HIGH
V2: 5.1 MEDIUM
CVE-2015-5261

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

Published: June 07, 2016; 10:06:07 AM -04:00
V3: 7.1 HIGH
V2: 3.6 LOW