Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-4602 |
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. Published: May 16, 2016; 6:59:10 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2015-4598 |
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files. Published: May 16, 2016; 6:59:05 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 7.5 HIGH |
CVE-2015-3412 |
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. Published: May 16, 2016; 6:59:03 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2015-3411 |
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. Published: May 16, 2016; 6:59:02 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2015-1350 |
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. Published: May 02, 2016; 6:59:07 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2016-2143 |
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. Published: April 27, 2016; 1:59:08 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.9 MEDIUM |
CVE-2016-0666 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges. Published: April 21, 2016; 6:59:30 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 3.5 LOW |
CVE-2016-0665 |
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. Published: April 21, 2016; 6:59:29 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 3.5 LOW |
CVE-2016-0661 |
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options. Published: April 21, 2016; 6:59:27 AM -0400 |
V4.0:(not available) V3.0: 4.7 MEDIUM V2.0: 3.5 LOW |
CVE-2016-0655 |
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB. Published: April 21, 2016; 6:59:22 AM -0400 |
V4.0:(not available) V3.0: 4.7 MEDIUM V2.0: 3.5 LOW |
CVE-2016-0650 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication. Published: April 21, 2016; 6:59:18 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-0649 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS. Published: April 21, 2016; 6:59:17 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-0648 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS. Published: April 21, 2016; 6:59:16 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-0647 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS. Published: April 21, 2016; 6:59:15 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-0646 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML. Published: April 21, 2016; 6:59:14 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-0644 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL. Published: April 21, 2016; 6:59:13 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-0643 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML. Published: April 21, 2016; 6:59:12 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 4.0 MEDIUM |
CVE-2016-0641 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM. Published: April 21, 2016; 6:59:10 AM -0400 |
V4.0:(not available) V3.0: 5.1 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-0640 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML. Published: April 21, 2016; 6:59:09 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-0639 |
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. Published: April 21, 2016; 6:59:09 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |