Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux_hpc_node
(Redhat)Repositories |
• https://github.com/libarchive/libarchive
• https://github.com/torvalds/linux • https://github.com/fedora-selinux/setroubleshoot • https://github.com/ntp-project/ntp • https://github.com/krb5/krb5 |
#Vulnerabilities | 146 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-04-14 | CVE-2016-6489 | The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. | Ubuntu_linux, Nettle, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
2014-08-14 | CVE-2014-4344 | The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation. | Debian_linux, Kerberos_5, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2014-08-14 | CVE-2014-4343 | Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. | Debian_linux, Kerberos_5, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2014-07-20 | CVE-2014-4342 | MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. | Debian_linux, Kerberos, Kerberos_5, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2016-09-21 | CVE-2016-7166 | libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. | Libarchive, Linux, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | 5.5 | ||
2016-09-21 | CVE-2016-5844 | Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. | Libarchive, Linux, Solaris, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | 6.5 | ||
2016-09-21 | CVE-2016-5418 | The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | Libarchive, Linux, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Openshift | 7.5 | ||
2016-09-21 | CVE-2016-4809 | The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. | Libarchive, Linux, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | 7.5 | ||
2016-01-21 | CVE-2016-0616 | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | Ubuntu_linux, Debian_linux, Mariadb, Leap, Linux, Mysql, Solaris, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | N/A | ||
2016-01-21 | CVE-2016-0609 | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges. | Ubuntu_linux, Debian_linux, Mariadb, Leap, Opensuse, Linux, Mysql, Solaris, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | N/A |