Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
RedhatEnterprise Linux Hpc Node6.0

57 matches found

CVE
CVEadded 2016/05/05 6:59 p.m.1033 views

CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

5.8CVSS6.3AI score0.89383EPSS
CVE
CVEadded 2016/05/05 6:59 p.m.1029 views

CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

5.5CVSS6.7AI score0.87335EPSS
CVE
CVEadded 2016/05/05 1:59 a.m.664 views

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exi...

5.9CVSS6.9AI score0.82039EPSS
CVE
CVEadded 2016/05/05 1:59 a.m.484 views

CVE-2016-2108

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

10CVSS8.3AI score0.56355EPSS
CVE
CVEadded 2015/12/15 9:59 p.m.372 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

7.1CVSS6.2AI score0.04812EPSS
CVE
CVEadded 2017/04/14 6:59 p.m.371 views

CVE-2016-4455

The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.

3.3CVSS3.3AI score0.00048EPSS
CVE
CVEadded 2016/07/19 2:0 a.m.251 views

CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an a...

8.1CVSS6.8AI score0.75024EPSS
CVE
CVEadded 2017/01/19 8:59 p.m.247 views

CVE-2016-7545

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

8.8CVSS8.5AI score0.00036EPSS
CVE
CVEadded 2016/05/05 1:59 a.m.238 views

CVE-2016-2109

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

7.8CVSS8AI score0.57944EPSS
CVE
CVEadded 2016/05/05 1:59 a.m.230 views

CVE-2016-2106

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

7.5CVSS7.6AI score0.6302EPSS
CVE
CVEadded 2017/07/21 2:29 p.m.213 views

CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherw...

7.5CVSS7.6AI score0.17786EPSS
CVE
CVEadded 2015/08/31 10:59 a.m.198 views

CVE-2015-5157

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.

7.2CVSS5.7AI score0.00232EPSS
CVE
CVEadded 2016/03/24 6:59 p.m.193 views

CVE-2016-0636

Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.

9.3CVSS7.3AI score0.26528EPSS
CVE
CVEadded 2015/06/15 3:59 p.m.175 views

CVE-2015-4142

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.

4.3CVSS5.4AI score0.07071EPSS
CVE
CVEadded 2013/01/25 12:0 p.m.170 views

CVE-2012-5689

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.

7.1CVSS7.9AI score0.0381EPSS
CVE
CVEadded 2017/07/21 2:29 p.m.169 views

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5CVSS7.1AI score0.0364EPSS
CVE
CVEadded 2016/04/14 2:59 p.m.161 views

CVE-2015-8540

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG im...

9.3CVSS9.1AI score0.17054EPSS
CVE
CVEadded 2017/07/21 2:29 p.m.160 views

CVE-2015-5195

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

7.5CVSS7.2AI score0.10401EPSS
CVE
CVEadded 2017/07/21 2:29 p.m.154 views

CVE-2015-5194

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

7.5CVSS7.1AI score0.11834EPSS
CVE
CVEadded 2015/11/24 8:59 p.m.152 views

CVE-2015-7981

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

5CVSS7.9AI score0.00786EPSS
CVE
CVEadded 2015/12/15 9:59 p.m.136 views

CVE-2015-7499

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

5CVSS7AI score0.01538EPSS
CVE
CVEadded 2016/05/05 6:59 p.m.133 views

CVE-2016-3716

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

4.3CVSS5.4AI score0.21326EPSS
CVE
CVEadded 2016/05/05 6:59 p.m.126 views

CVE-2016-3717

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

7.1CVSS6.2AI score0.24199EPSS
CVE
CVEadded 2016/04/21 10:59 a.m.125 views

CVE-2016-0695

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.

5.9CVSS6.6AI score0.0224EPSS
CVE
CVEadded 2016/09/21 2:25 p.m.114 views

CVE-2016-4809

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

7.5CVSS7.1AI score0.0226EPSS
CVE
CVEadded 2015/12/15 9:59 p.m.113 views

CVE-2015-7500

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

5CVSS6.5AI score0.05455EPSS
CVE
CVEadded 2012/07/18 11:55 p.m.110 views

CVE-2012-0867

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

4.3CVSS6.2AI score0.01231EPSS
CVE
CVEadded 2012/05/03 10:55 p.m.110 views

CVE-2012-1703

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.

6.8CVSS4.3AI score0.00793EPSS
CVE
CVEadded 2015/12/15 9:59 p.m.109 views

CVE-2015-7498

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

5CVSS6.7AI score0.0357EPSS
CVE
CVEadded 2015/04/08 6:59 p.m.107 views

CVE-2015-0251

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

4CVSS7.7AI score0.01327EPSS
CVE
CVEadded 2017/01/27 10:59 p.m.107 views

CVE-2016-9636

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buff...

9.8CVSS9.2AI score0.1664EPSS
CVE
CVEadded 2015/12/15 9:59 p.m.106 views

CVE-2015-7497

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

5CVSS6.7AI score0.0357EPSS
CVE
CVEadded 2015/12/15 9:59 p.m.105 views

CVE-2015-8317

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

5CVSS6.9AI score0.00551EPSS
CVE
CVEadded 2016/09/21 2:25 p.m.102 views

CVE-2016-5844

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

6.5CVSS6.5AI score0.02481EPSS
CVE
CVEadded 2017/01/27 10:59 p.m.101 views

CVE-2016-9635

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.

9.8CVSS9.2AI score0.2046EPSS
CVE
CVEadded 2016/09/21 2:25 p.m.96 views

CVE-2016-7166

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

5.5CVSS6.1AI score0.00246EPSS
CVE
CVEadded 2017/01/27 10:59 p.m.94 views

CVE-2016-9634

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.

9.8CVSS9.2AI score0.2046EPSS
CVE
CVEadded 2015/12/17 7:59 p.m.93 views

CVE-2015-8327

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.

7.5CVSS7.5AI score0.1692EPSS
CVE
CVEadded 2015/02/08 11:59 a.m.91 views

CVE-2014-9674

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other...

7.5CVSS8AI score0.03297EPSS
CVE
CVEadded 2016/06/07 2:6 p.m.91 views

CVE-2015-5260

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

7.8CVSS8.1AI score0.00291EPSS
CVE
CVEadded 2015/12/15 9:59 p.m.91 views

CVE-2015-8241

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

6.4CVSS7AI score0.01475EPSS
CVE
CVEadded 2015/02/08 11:59 a.m.89 views

CVE-2014-9673

Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

6.8CVSS7.9AI score0.02702EPSS
CVE
CVEadded 2015/02/08 11:59 a.m.88 views

CVE-2014-9675

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

5CVSS7.5AI score0.0141EPSS
CVE
CVEadded 2015/03/18 4:59 p.m.86 views

CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home direct...

4.4CVSS6.3AI score0.0011EPSS
CVE
CVEadded 2015/02/08 11:59 a.m.86 views

CVE-2014-9657

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

7.5CVSS7.8AI score0.01279EPSS
CVE
CVEadded 2017/06/08 7:29 p.m.86 views

CVE-2016-5405

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.

9.8CVSS9.1AI score0.00593EPSS
CVE
CVEadded 2016/09/21 2:25 p.m.85 views

CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

7.5CVSS7.5AI score0.05224EPSS
CVE
CVEadded 2015/12/15 9:59 p.m.84 views

CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

5.8CVSS6.8AI score0.02566EPSS
CVE
CVEadded 2016/04/15 2:59 p.m.81 views

CVE-2010-5325

Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.

9.8CVSS9AI score0.05909EPSS
CVE
CVEadded 2014/12/18 3:59 p.m.75 views

CVE-2014-3580

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

5CVSS8.7AI score0.14945EPSS
Total number of security vulnerabilities57