This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2014-07-20
Product Enterprise Linux Hpc Node Last view 2017-07-25
Version 7.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux_hpc_node

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2017-07-25 CVE-2015-3149

The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

7.5 2017-07-21 CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

7.5 2017-07-21 CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5 2017-07-21 CVE-2015-5195

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

7.5 2017-07-21 CVE-2015-5194

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

9.8 2017-06-08 CVE-2016-7050

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.

7.5 2017-06-08 CVE-2016-5416

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.

9.8 2017-06-08 CVE-2016-5405

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.

7.5 2017-06-08 CVE-2016-4992

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.

7.5 2017-06-08 CVE-2016-3099

mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.

5.5 2017-04-19 CVE-2016-5410

firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.

7.5 2017-04-14 CVE-2016-6489

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

3.3 2017-04-14 CVE-2016-4455

The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.

7 2017-04-11 CVE-2016-4989

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.

7 2017-04-11 CVE-2016-4446

The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.

7 2017-04-11 CVE-2016-4445

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.

7 2017-04-11 CVE-2016-4444

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.

8.8 2017-01-19 CVE-2016-7545

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

4.4 2016-12-22 CVE-2016-7091

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

9.8 2016-12-14 CVE-2014-8241

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

5.5 2016-10-13 CVE-2016-7796

The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.

5.5 2016-09-21 CVE-2016-7166

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

6.5 2016-09-21 CVE-2016-5844

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

7.5 2016-09-21 CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

7.5 2016-09-21 CVE-2016-4809

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
18% (18) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (14) CWE-20 Improper Input Validation
8% (8) CWE-200 Information Exposure
6% (6) CWE-399 Resource Management Errors
6% (6) CWE-189 Numeric Errors
5% (5) CWE-264 Permissions, Privileges, and Access Controls
4% (4) CWE-476 NULL Pointer Dereference
4% (4) CWE-310 Cryptographic Issues
4% (4) CWE-284 Access Control (Authorization) Issues
4% (4) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
4% (4) CWE-19 Data Handling
3% (3) CWE-125 Out-of-bounds Read
3% (3) CWE-59 Improper Link Resolution Before File Access ('Link Following')
2% (2) CWE-190 Integer Overflow or Wraparound
1% (1) CWE-704 Incorrect Type Conversion or Cast
1% (1) CWE-502 Deserialization of Untrusted Data
1% (1) CWE-415 Double Free
1% (1) CWE-362 Race Condition
1% (1) CWE-361 Time and State
1% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
1% (1) CWE-287 Improper Authentication
1% (1) CWE-255 Credentials Management
1% (1) CWE-254 Security Features
1% (1) CWE-199 Information Management Errors
1% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

SAINT Exploits

Description Link
ABRT/sosreport privilege elevation More info here

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-10-24 PHP form-based file upload DoS attempt
RuleID : 44390 - Type : SERVER-WEBAPP - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41902 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41901 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41900 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41899 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41898 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41897 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41894 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41893 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41892 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41891 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41890 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41889 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41888 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41887 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41886 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41885 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41884 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41883 - Type : SERVER-OTHER - Revision : 1
2017-04-06 ImageMagick mvg processing command server side request forgery attempt
RuleID : 41809 - Type : FILE-IMAGE - Revision : 2
2017-04-06 ImageMagick mvg processing command server side request forgery attempt
RuleID : 41808 - Type : FILE-IMAGE - Revision : 2
2016-07-28 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2
2016-08-31 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2
2016-05-25 libarchive RAR RestartModel out of bounds write attempt
RuleID : 39046 - Type : FILE-OTHER - Revision : 3
2016-05-25 libarchive RAR RestartModel out of bounds write attempt
RuleID : 39045 - Type : FILE-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-11-21 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1374.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0011.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0010.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0119.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1401.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0017.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0020.nasl - Type: ACT_GATHER_INFO
2018-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL15552.nasl - Type: ACT_GATHER_INFO
2017-10-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1201.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v3_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v4_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by a data...
File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: An enterprise management application installed on the remote host is affected...
File: oracle_enterprise_manager_jul_2017_cpu.nasl - Type: ACT_GATHER_INFO
2017-06-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201706-21.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-675.nasl - Type: ACT_GATHER_INFO
2017-06-05 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1481-1.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2016-1010.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1011.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1015.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1019.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1021.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2016-1022.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1026.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1033.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1043.nasl - Type: ACT_GATHER_INFO