This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2015-02-08
Product Enterprise Linux Hpc Node Eus Last view 2017-07-25
Version 7.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2017-07-25 CVE-2015-3149

The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

7.5 2017-07-21 CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

7.1 2016-06-07 CVE-2015-5261

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

7.8 2016-06-07 CVE-2015-5260

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

7.5 2016-05-16 CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

7.5 2016-05-16 CVE-2015-4604

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

9.8 2016-05-16 CVE-2015-4603

The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

9.8 2016-05-16 CVE-2015-4602

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

9.8 2016-05-16 CVE-2015-4601

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

9.8 2016-05-16 CVE-2015-4600

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.

9.8 2016-05-16 CVE-2015-4599

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

6.5 2016-05-16 CVE-2015-4598

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.

5.3 2016-05-16 CVE-2015-3412

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.

6.5 2016-05-16 CVE-2015-3411

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.

5 2015-06-09 CVE-2015-4148

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.

7.5 2015-06-09 CVE-2015-4147

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.

7.5 2015-06-09 CVE-2015-4026

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

7.5 2015-06-09 CVE-2015-4025

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

5 2015-06-09 CVE-2015-4024

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

7.5 2015-06-09 CVE-2015-4022

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

5 2015-06-09 CVE-2015-4021

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.

6.8 2015-06-09 CVE-2015-3330

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

7.5 2015-06-09 CVE-2015-3329

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

7.5 2015-06-09 CVE-2015-3307

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.

5.8 2015-06-09 CVE-2015-2783

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.

CWE : Common Weakness Enumeration

%idName
29% (10) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17% (6) CWE-20 Improper Input Validation
11% (4) CWE-189 Numeric Errors
8% (3) CWE-125 Out-of-bounds Read
8% (3) CWE-19 Data Handling
5% (2) CWE-264 Permissions, Privileges, and Access Controls
2% (1) CWE-476 NULL Pointer Dereference
2% (1) CWE-399 Resource Management Errors
2% (1) CWE-361 Time and State
2% (1) CWE-254 Security Features
2% (1) CWE-200 Information Exposure
2% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337

Snort® IPS/IDS

Date Description
2017-10-24 PHP form-based file upload DoS attempt
RuleID : 44390 - Type : SERVER-WEBAPP - Revision : 2
2015-10-06 PHP phar_parse_tarfile method integer overflow attempt
RuleID : 35940 - Type : SERVER-WEBAPP - Revision : 3
2015-10-06 Microsoft System.Uri heap corruption attempt
RuleID : 35858 - Type : FILE-OTHER - Revision : 4
2015-08-11 PHP core compressed file temp_len buffer overflow attempt
RuleID : 35093 - Type : SERVER-OTHER - Revision : 3
2015-08-11 PHP core compressed file temp_len buffer overflow attempt
RuleID : 35092 - Type : SERVER-OTHER - Revision : 2
2015-08-04 PHP php_parse_metadata heap corruption attempt
RuleID : 35041 - Type : SERVER-WEBAPP - Revision : 2
2015-08-04 PHP php_parse_metadata heap corruption attempt
RuleID : 35040 - Type : SERVER-WEBAPP - Revision : 2
2015-07-28 PHP SoapClient __call method type confusion attempt
RuleID : 34983 - Type : SERVER-WEBAPP - Revision : 2
2015-05-12 PHP unserialize and __wakeup use after free attempt
RuleID : 34054 - Type : SERVER-OTHER - Revision : 2
2015-05-12 PHP unserialize and __wakeup use after free attempt
RuleID : 34053 - Type : SERVER-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-10-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1201.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by a data...
File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO
2017-02-01 Name: The remote host is affected by multiple vulnerabilities.
File: citrix_xenserver_CTX220112.nasl - Type: ACT_GATHER_INFO
2017-01-26 Name: The version of PHP running on the remote web server is affected by multiple v...
File: php_7_0_15.nasl - Type: ACT_GATHER_INFO
2016-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL17049.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1912-1.nasl - Type: ACT_GATHER_INFO
2016-07-05 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-823.nasl - Type: ACT_GATHER_INFO
2016-07-05 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-824.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-17.nasl - Type: ACT_GATHER_INFO
2016-06-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-10.nasl - Type: ACT_GATHER_INFO
2016-06-17 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-05.nasl - Type: ACT_GATHER_INFO
2016-06-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1559-1.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-649.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2016-0082.nasl - Type: ACT_GATHER_INFO
2016-05-31 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16900.nasl - Type: ACT_GATHER_INFO
2016-05-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1311-1.nasl - Type: ACT_GATHER_INFO
2016-05-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-578.nasl - Type: ACT_GATHER_INFO
2016-05-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1247-1.nasl - Type: ACT_GATHER_INFO
2016-05-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1259-1.nasl - Type: ACT_GATHER_INFO
2016-05-02 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1175-1.nasl - Type: ACT_GATHER_INFO
2016-05-02 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1177-1.nasl - Type: ACT_GATHER_INFO
2016-03-24 Name: The remote web server is affected by multiple vulnerabilities.
File: hpsmh_7_5_4.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote AIX host is missing a security patch.
File: aix_ntp_advisory5.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-77bfbc1bcd.nasl - Type: ACT_GATHER_INFO