Vulnerabilities > Redhat > Enterprise Linux HPC Node

DATE CVE VULNERABILITY TITLE RISK
2017-07-25 CVE-2015-3149 Link Following vulnerability in Redhat products
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.
local
low complexity
redhat CWE-59
5.5
2017-07-21 CVE-2015-5300 7PK - Time and State vulnerability in multiple Linux Systems
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
5.0
2017-07-21 CVE-2015-5219 Incorrect Type Conversion or Cast vulnerability in multiple products
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
7.5
2017-07-21 CVE-2015-5195 Improper Input Validation vulnerability in multiple products
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
network
low complexity
fedoraproject redhat debian canonical ntp CWE-20
7.5
2017-07-21 CVE-2015-5194 Improper Input Validation vulnerability in multiple products
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
7.5
2017-07-17 CVE-2016-0764 Race Condition vulnerability in Redhat Networkmanager
Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.
local
low complexity
redhat CWE-362
2.1
2017-06-26 CVE-2015-3315 Link Following vulnerability in Redhat Automatic BUG Reporting Tool
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
local
low complexity
redhat CWE-59
7.2
2017-06-08 CVE-2016-7050 Deserialization of Untrusted Data vulnerability in Redhat products
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
network
low complexity
redhat CWE-502
7.5
2017-06-08 CVE-2016-5416 Information Exposure vulnerability in Redhat products
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.
network
low complexity
redhat CWE-200
7.5
2017-06-08 CVE-2016-5405 Information Management Errors vulnerability in Redhat products
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.
network
low complexity
redhat CWE-199
critical
9.8