Vulnerabilities > Redhat > Enterprise Linux HPC Node

DATE CVE VULNERABILITY TITLE RISK
2017-04-19 CVE-2016-5410 Improper Authentication vulnerability in multiple products
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
local
low complexity
firewalld redhat CWE-287
5.5
2017-04-14 CVE-2016-6489 Information Exposure Through Discrepancy vulnerability in multiple products
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
network
low complexity
redhat canonical nettle-project CWE-203
7.5
2017-04-14 CVE-2016-4455 Permissions, Privileges, and Access Controls vulnerability in Redhat products
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
local
low complexity
redhat CWE-264
3.3
2017-04-11 CVE-2016-4989 Command Injection vulnerability in multiple products
setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.
local
high complexity
setroubleshoot-project redhat CWE-77
7.0
2017-04-11 CVE-2016-4446 Command Injection vulnerability in multiple products
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
local
high complexity
setroubleshoot-project redhat CWE-77
7.0
2017-04-11 CVE-2016-4445 Command Injection vulnerability in multiple products
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
local
high complexity
setroubleshoot-project redhat CWE-77
7.0
2017-04-11 CVE-2016-4444 Command Injection vulnerability in multiple products
The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.
local
high complexity
setroubleshoot-project redhat CWE-77
7.0
2017-01-27 CVE-2016-9636 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
network
low complexity
gstreamer redhat debian CWE-119
critical
9.8
2017-01-27 CVE-2016-9635 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
network
low complexity
gstreamer redhat debian CWE-119
critical
9.8
2017-01-27 CVE-2016-9634 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
network
low complexity
gstreamer redhat debian CWE-119
critical
9.8