Lucene search

K
RedhatEnterprise Linux Hpc Node

30 matches found

CVE
CVE
added 2016/05/05 6:59 p.m.1033 views

CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

5.8CVSS6.3AI score0.89383EPSS
CVE
CVE
added 2016/05/05 6:59 p.m.1029 views

CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

5.5CVSS6.7AI score0.87335EPSS
CVE
CVE
added 2016/05/05 1:59 a.m.664 views

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exi...

5.9CVSS6.9AI score0.82039EPSS
CVE
CVE
added 2015/03/30 10:59 a.m.230 views

CVE-2015-2348

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...

5CVSS7.4AI score0.06971EPSS
CVE
CVE
added 2015/06/09 6:59 p.m.227 views

CVE-2015-4024

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth ou...

5CVSS7.3AI score0.69918EPSS
CVE
CVE
added 2015/06/09 6:59 p.m.221 views

CVE-2015-4021

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory cor...

5CVSS7.2AI score0.36369EPSS
CVE
CVE
added 2015/06/09 6:59 p.m.204 views

CVE-2015-2783

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data ...

5.8CVSS7.1AI score0.09675EPSS
CVE
CVE
added 2016/05/16 10:59 a.m.188 views

CVE-2015-3412

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as dem...

5.3CVSS7AI score0.01783EPSS
CVE
CVE
added 2015/06/09 6:59 p.m.183 views

CVE-2015-4148

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "t...

5CVSS6.9AI score0.19265EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.177 views

CVE-2016-4470

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

5.5CVSS5.8AI score0.00057EPSS
CVE
CVE
added 2017/04/19 2:59 p.m.165 views

CVE-2016-5410

firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.

5.5CVSS5.3AI score0.0006EPSS
CVE
CVE
added 2015/11/24 8:59 p.m.152 views

CVE-2015-7981

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

5CVSS7.9AI score0.00786EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.136 views

CVE-2015-7499

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

5CVSS7AI score0.01538EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.125 views

CVE-2016-0695

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.

5.9CVSS6.6AI score0.0224EPSS
CVE
CVE
added 2014/07/20 11:12 a.m.120 views

CVE-2014-4342

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

5CVSS8.8AI score0.07306EPSS
CVE
CVE
added 2015/04/08 6:59 p.m.114 views

CVE-2015-0248

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

5CVSS7.9AI score0.14762EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.113 views

CVE-2015-7500

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

5CVSS6.5AI score0.05455EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.109 views

CVE-2015-7498

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

5CVSS6.7AI score0.0357EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.106 views

CVE-2015-7497

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

5CVSS6.7AI score0.0357EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.105 views

CVE-2015-8317

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

5CVSS6.9AI score0.00551EPSS
CVE
CVE
added 2015/04/28 2:59 p.m.96 views

CVE-2015-1863

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.

5.8CVSS7.1AI score0.05376EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.96 views

CVE-2016-7166

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

5.5CVSS6.1AI score0.00246EPSS
CVE
CVE
added 2014/11/15 8:59 p.m.90 views

CVE-2014-4975

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

5CVSS5.4AI score0.02908EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.88 views

CVE-2014-9675

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

5CVSS7.5AI score0.0141EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.84 views

CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

5.8CVSS6.8AI score0.02566EPSS
CVE
CVE
added 2014/12/18 3:59 p.m.75 views

CVE-2014-3580

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

5CVSS8.7AI score0.14945EPSS
CVE
CVE
added 2016/10/13 2:59 p.m.72 views

CVE-2016-7796

The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.

5.5CVSS5.2AI score0.00385EPSS
CVE
CVE
added 2014/12/18 3:59 p.m.69 views

CVE-2014-8108

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

5CVSS8.7AI score0.059EPSS
CVE
CVE
added 2014/11/13 9:32 p.m.66 views

CVE-2014-8564

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing r...

5CVSS6.3AI score0.00812EPSS
CVE
CVE
added 2017/07/25 6:29 p.m.63 views

CVE-2015-3149

The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

5.5CVSS5.2AI score0.00067EPSS