Redhat » Enterprise Linux Hpc Node : Security Vulnerabilities, CVEs, Published In December 2015
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
Max CVSS
7.5
EPSS Score
2.37%
Published
2015-12-17
Updated
2018-10-30
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
Max CVSS
5.0
EPSS Score
0.96%
Published
2015-12-15
Updated
2017-09-14
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
Max CVSS
5.8
EPSS Score
0.74%
Published
2015-12-15
Updated
2019-03-08
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
Max CVSS
6.4
EPSS Score
1.14%
Published
2015-12-15
Updated
2017-09-14
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
Max CVSS
5.0
EPSS Score
1.11%
Published
2015-12-15
Updated
2023-02-13
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.25%
Published
2015-12-15
Updated
2023-02-13
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
Max CVSS
5.0
EPSS Score
1.80%
Published
2015-12-15
Updated
2023-02-12
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
Max CVSS
5.0
EPSS Score
1.80%
Published
2015-12-15
Updated
2023-02-12
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
Max CVSS
7.1
EPSS Score
0.61%
Published
2015-12-15
Updated
2019-03-08
CVE-2015-5287
Public exploit
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
Max CVSS
6.9
EPSS Score
0.09%
Published
2015-12-07
Updated
2016-12-07
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-17
Updated
2023-02-12
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
Max CVSS
3.6
EPSS Score
0.04%
Published
2015-12-07
Updated
2023-02-13
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
Max CVSS
7.5
EPSS Score
0.29%
Published
2015-12-07
Updated
2023-04-28
13 vulnerabilities found