Vulnerabilities > Redhat > Enterprise Linux HPC Node > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-21 CVE-2015-5300 7PK - Time and State vulnerability in multiple products
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
7.5
2017-07-21 CVE-2015-5219 Incorrect Type Conversion or Cast vulnerability in multiple products
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
7.5
2017-07-21 CVE-2015-5195 Improper Input Validation vulnerability in multiple products
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
network
low complexity
fedoraproject redhat debian canonical ntp CWE-20
7.5
2017-07-21 CVE-2015-5194 Improper Input Validation vulnerability in multiple products
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
7.5
2017-06-08 CVE-2016-5416 Information Exposure vulnerability in Redhat products
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.
network
low complexity
redhat CWE-200
7.5
2017-06-08 CVE-2016-4992 Information Exposure vulnerability in Redhat products
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.
network
low complexity
redhat CWE-200
7.5
2017-06-08 CVE-2016-3099 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Redhat products
mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.
network
low complexity
redhat CWE-327
7.5
2017-04-14 CVE-2016-6489 Information Exposure Through Discrepancy vulnerability in multiple products
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
network
low complexity
redhat canonical nettle-project CWE-203
7.5
2017-04-11 CVE-2016-4989 Command Injection vulnerability in multiple products
setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.
local
high complexity
setroubleshoot-project redhat CWE-77
7.0
2017-04-11 CVE-2016-4446 Command Injection vulnerability in multiple products
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
local
high complexity
setroubleshoot-project redhat CWE-77
7.0