Vulnerabilities > Redhat > Enterprise Linux HPC Node > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-11 CVE-2016-4445 Command Injection vulnerability in multiple products
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
local
high complexity
setroubleshoot-project redhat CWE-77
7.0
2017-04-11 CVE-2016-4444 Command Injection vulnerability in multiple products
The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.
local
high complexity
setroubleshoot-project redhat CWE-77
7.0
2017-01-19 CVE-2016-7545 Improper Access Control vulnerability in multiple products
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
8.8
2016-09-21 CVE-2016-5418 Data Processing Errors vulnerability in multiple products
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
network
low complexity
redhat oracle libarchive CWE-19
7.5
2016-09-21 CVE-2016-4809 Improper Input Validation vulnerability in multiple products
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
network
low complexity
redhat oracle libarchive CWE-20
7.5
2016-09-21 CVE-2016-4302 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
local
low complexity
redhat libarchive CWE-119
7.8
2016-09-21 CVE-2016-4300 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
local
low complexity
libarchive redhat CWE-190
7.8
2016-07-19 CVE-2016-5388 Improper Access Control vulnerability in multiple products
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
high complexity
redhat hp oracle apache CWE-284
8.1
2016-06-27 CVE-2016-0758 Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
local
low complexity
redhat linux canonical
7.8
2016-06-13 CVE-2016-3698 Improper Access Control vulnerability in multiple products
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
network
high complexity
redhat libndp debian canonical CWE-284
8.1