Redhat Enterprise Linux Hpc Node — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Enterprise Linux Hpc Node, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (146)
CVE-2010-5325 — CVSS 9.8 (critical): Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a…
CVE-2014-8241 — CVSS 9.8 (critical): XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a…
CVE-2016-9636 — CVSS 9.8 (critical): Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2…
CVE-2015-4601 — CVSS 9.8 (critical): PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an…
CVE-2015-4600 — CVSS 9.8 (critical): The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial…
CVE-2016-5405 — CVSS 9.8 (critical): 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise…
CVE-2015-4599 — CVSS 9.8 (critical): The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote…
CVE-2015-4603 — CVSS 9.8 (critical): The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows…
CVE-2016-9634 — CVSS 9.8 (critical): Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2…
CVE-2015-4602 — CVSS 9.8 (critical): The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8…
CVE-2016-9635 — CVSS 9.8 (critical): Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2…
CVE-2016-2108 — CVSS 9.8 (critical): The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a…
CVE-2016-7050 — CVSS 9.8 (critical): SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux…
CVE-2015-8540 — CVSS 8.8 (high): Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before…
CVE-2016-3069 — CVSS 8.8 (high): Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2016-7545 — CVSS 8.8 (high): SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVE-2016-3068 — CVSS 8.8 (high): Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
CVE-2015-7547 — CVSS 8.1 (high): Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc…
CVE-2016-5388 — CVSS 8.1 (high): Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does…
CVE-2016-3698 — CVSS 8.1 (high): libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which…
CVE-2016-0636 — CVSS 8.1 (high): Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and…
CVE-2015-5260 — CVSS 7.8 (high): Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and…
CVE-2014-7145 — CVSS 7.8 (high): The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL…
CVE-2014-4344 — CVSS 7.8 (high): The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x…
CVE-2016-0758 — CVSS 7.8 (high): Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
CVE-2016-4300 — CVSS 7.8 (high): Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote…
CVE-2016-4302 — CVSS 7.8 (high): Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote…
CVE-2014-4343 — CVSS 7.6 (high): Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5…
CVE-2016-2106 — CVSS 7.5 (high): Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote…
CVE-2014-9657 — CVSS 7.5 (high): The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote…
CVE-2014-9658 — CVSS 7.5 (high): The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote…
CVE-2014-9660 — CVSS 7.5 (high): The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows…
CVE-2014-9661 — CVSS 7.5 (high): type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows…
CVE-2014-9663 — CVSS 7.5 (high): The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is…
CVE-2014-9674 — CVSS 7.5 (high): The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the…
CVE-2015-2301 — CVSS 7.5 (high): Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote…
CVE-2015-2787 — CVSS 7.5 (high): Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before…
CVE-2015-3276 — CVSS 7.5 (high): The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher…
CVE-2015-3307 — CVSS 7.5 (high): The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote…
CVE-2015-3329 — CVSS 7.5 (high): Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and…
CVE-2015-4022 — CVSS 7.5 (high): Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows…
CVE-2015-4025 — CVSS 7.5 (high): PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain…
CVE-2015-4026 — CVSS 7.5 (high): The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a…
CVE-2015-4147 — CVSS 7.5 (high): The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that…
CVE-2015-4604 — CVSS 7.5 (high): The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before…
CVE-2015-4605 — CVSS 7.5 (high): The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x…
CVE-2015-5194 — CVSS 7.5 (high): The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd…
CVE-2015-5195 — CVSS 7.5 (high): ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted…
CVE-2015-5219 — CVSS 7.5 (high): The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which…
CVE-2015-5229 — CVSS 7.5 (high): The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which…
CVE-2015-5300 — CVSS 7.5 (high): The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128…
CVE-2015-8327 — CVSS 7.5 (high): Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x…
CVE-2016-0741 — CVSS 7.5 (high): slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a…
CVE-2016-2105 — CVSS 7.5 (high): Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote…
CVE-2016-2109 — CVSS 7.5 (high): The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h…
CVE-2016-3099 — CVSS 7.5 (high): mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat…
CVE-2016-4809 — CVSS 7.5 (high): The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers…
CVE-2016-4992 — CVSS 7.5 (high): 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise…
CVE-2016-5416 — CVSS 7.5 (high): 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise…
CVE-2016-5418 — CVSS 7.5 (high): The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote…
CVE-2016-6489 — CVSS 7.5 (high): The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
CVE-2014-7300 — CVSS 7.2 (high): GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc…
CVE-2016-0546 — CVSS 7.2 (high): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…
CVE-2015-5157 — CVSS 7.2 (high): arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred…
CVE-2015-4819 — CVSS 7.2 (high): Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality…
CVE-2015-5277 — CVSS 7.2 (high): The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might…
CVE-2012-5689 — CVSS 7.1 (high): ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that…
CVE-2015-5261 — CVSS 7.1 (high): Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via…
CVE-2015-5312 — CVSS 7.1 (high): The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows…
CVE-2016-4444 — CVSS 7.0 (high): The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux…
CVE-2016-4445 — CVSS 7.0 (high): The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by…
CVE-2016-4989 — CVSS 7.0 (high): setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an…
CVE-2016-4446 — CVSS 7.0 (high): The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial…
CVE-2015-3247 — CVSS 6.9 (medium): Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of…
CVE-2015-5287 — CVSS 6.9 (medium): The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain…
CVE-2015-3330 — CVSS 6.8 (medium): The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the…
CVE-2014-9673 — CVSS 6.8 (medium): Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause…
CVE-2015-5234 — CVSS 6.8 (medium): IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets…
CVE-2014-9667 — CVSS 6.8 (medium): sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote…
CVE-2012-1703 — CVSS 6.8 (medium): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote…
CVE-2014-9669 — CVSS 6.8 (medium): Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds…
CVE-2014-9666 — CVSS 6.8 (medium): The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting…
CVE-2014-9664 — CVSS 6.8 (medium): FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a…
CVE-2016-0505 — CVSS 6.8 (medium): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…
CVE-2016-5844 — CVSS 6.5 (medium): Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via…
CVE-2015-3411 — CVSS 6.5 (medium): PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote…
CVE-2015-4598 — CVSS 6.5 (medium): PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote…
CVE-2015-8241 — CVSS 6.4 (medium): The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of…
CVE-2016-2107 — CVSS 5.9 (medium): The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding…
CVE-2016-0695 — CVSS 5.9 (medium): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to…
CVE-2015-8242 — CVSS 5.8 (medium): The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers…
CVE-2015-1863 — CVSS 5.8 (medium): Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or…
CVE-2015-2783 — CVSS 5.8 (medium): ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information…
CVE-2015-3149 — CVSS 5.5 (medium): The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a…
CVE-2016-3717 — CVSS 5.5 (medium): The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVE-2016-7796 — CVSS 5.5 (medium): The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message…
CVE-2016-7166 — CVSS 5.5 (medium): libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service…
CVE-2016-4470 — CVSS 5.5 (medium): The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is…
CVE-2016-5410 — CVSS 5.5 (medium): firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1)…
CVE-2015-3412 — CVSS 5.3 (medium): PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote…
CVE-2014-8108 — CVSS 5.0 (medium): The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to…
CVE-2014-3580 — CVSS 5.0 (medium): The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause…
CVE-2015-7497 — CVSS 5.0 (medium): Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to…
CVE-2015-7498 — CVSS 5.0 (medium): Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause…
CVE-2015-7499 — CVSS 5.0 (medium): Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain…
CVE-2015-7500 — CVSS 5.0 (medium): The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service…
CVE-2015-7981 — CVSS 5.0 (medium): The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote…
CVE-2015-8317 — CVSS 5.0 (medium): The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an…
CVE-2014-8564 — CVSS 5.0 (medium): The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows…
CVE-2014-9675 — CVSS 5.0 (medium): bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote…
CVE-2014-4975 — CVSS 5.0 (medium): Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string…
CVE-2015-0248 — CVSS 5.0 (medium): The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a…
CVE-2015-2348 — CVSS 5.0 (medium): The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7…
CVE-2014-4342 — CVSS 5.0 (medium): MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL…
CVE-2015-4021 — CVSS 5.0 (medium): The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that…
CVE-2015-4024 — CVSS 5.0 (medium): Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25…
CVE-2015-4148 — CVSS 5.0 (medium): The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri…
CVE-2014-9273 — CVSS 4.6 (medium): lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers…
CVE-2016-7091 — CVSS 4.4 (medium): sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves…
CVE-2014-8169 — CVSS 4.4 (medium): automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values…
CVE-2015-5235 — CVSS 4.3 (medium): IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers…
CVE-2012-6137 — CVSS 4.3 (medium): rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate…
CVE-2014-9671 — CVSS 4.3 (medium): Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of…
CVE-2014-9670 — CVSS 4.3 (medium): Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to…
CVE-2012-0867 — CVSS 4.3 (medium): PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying…
CVE-2015-4142 — CVSS 4.3 (medium): Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode…
CVE-2012-6662 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before…
CVE-2016-0596 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and…
CVE-2015-0432 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors…
CVE-2016-0616 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10…
CVE-2015-0251 — CVSS 4.0 (medium): The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the…
CVE-2014-3528 — CVSS 4.0 (medium): Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store…
CVE-2016-0597 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…
CVE-2015-5273 — CVSS 3.6 (low): The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to…
CVE-2016-0598 — CVSS 3.5 (low): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…
CVE-2015-0236 — CVSS 3.5 (low): libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted…
CVE-2016-0608 — CVSS 3.5 (low): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…
CVE-2016-0606 — CVSS 3.5 (low): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…
CVE-2016-0600 — CVSS 3.5 (low): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…
CVE-2016-4455 — CVSS 3.3 (low): The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for…
CVE-2016-3716 — CVSS 3.3 (low): The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVE-2014-8136 — CVSS 2.1 (low): The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when…
CVE-2014-3640 — CVSS 2.1 (low): The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by…
CVE-2016-0609 — CVSS 1.7 (low): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…