Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
There are 136 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2015-4601

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

Published: May 16, 2016; 6:59:08 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-4600

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.

Published: May 16, 2016; 6:59:07 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-4599

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

Published: May 16, 2016; 6:59:06 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-4598

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.

Published: May 16, 2016; 6:59:05 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 7.5 HIGH
CVE-2015-3412

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.

Published: May 16, 2016; 6:59:03 AM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2015-3411

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.

Published: May 16, 2016; 6:59:02 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

Published: May 05, 2016; 2:59:08 PM -0400
V3.0: 6.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-3717

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

Published: May 05, 2016; 2:59:07 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2016-3716

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

Published: May 05, 2016; 2:59:06 PM -0400
V3.0: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

Published: May 05, 2016; 2:59:04 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2016-2109

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

Published: May 04, 2016; 9:59:05 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-2108

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Published: May 04, 2016; 9:59:04 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Published: May 04, 2016; 9:59:03 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 2.6 LOW
CVE-2016-2106

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

Published: May 04, 2016; 9:59:02 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-2105

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Published: May 04, 2016; 9:59:01 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-0695

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.

Published: April 21, 2016; 6:59:55 AM -0400
V3.0: 5.9 MEDIUM
V2.0: 2.6 LOW
CVE-2016-0741

slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.

Published: April 19, 2016; 5:59:06 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

Published: April 13, 2016; 12:59:17 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-3068

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

Published: April 13, 2016; 12:59:16 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2015-5229

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.

Published: April 08, 2016; 11:59:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM