Vulnerabilities > Redhat > Enterprise Linux HPC Node > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-25 | CVE-2015-3149 | Link Following vulnerability in Redhat products The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. | 5.5 |
2017-04-19 | CVE-2016-5410 | Improper Authentication vulnerability in multiple products firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. | 5.5 |
2016-12-22 | CVE-2016-7091 | Information Exposure vulnerability in Redhat products sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. | 4.4 |
2016-10-13 | CVE-2016-7796 | Improper Input Validation vulnerability in multiple products The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. | 5.5 |
2016-09-21 | CVE-2016-7166 | Resource Management Errors vulnerability in multiple products libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. | 5.5 |
2016-09-21 | CVE-2016-5844 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. | 6.5 |
2016-06-27 | CVE-2016-4470 | The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. | 5.5 |
2016-05-16 | CVE-2015-4598 | Improper Input Validation vulnerability in multiple products PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files. | 6.5 |
2016-05-16 | CVE-2015-3412 | 7PK - Security Features vulnerability in multiple products PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. | 5.3 |
2016-05-16 | CVE-2015-3411 | Improper Input Validation vulnerability in multiple products PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. | 6.5 |