This page lists publicly disclosed CVE vulnerabilities affecting redhat enterprise_linux_hpc_node_eus (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-4601 | PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600. | [email protected] | 9.8 | 8.17% | 2016-05-16 | 2026-06-16 |
| CVE-2015-4600 | The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods. | [email protected] | 9.8 | 10.72% | 2016-05-16 | 2026-06-16 |
| CVE-2015-4599 | The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. | [email protected] | 9.8 | 10.72% | 2016-05-16 | 2026-06-16 |
| CVE-2015-4598 | PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files. | [email protected] | 6.5 | 3.92% | 2016-05-16 | 2026-06-16 |
| CVE-2015-3412 | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. | [email protected] | 5.3 | 4.09% | 2016-05-16 | 2026-06-16 |
| CVE-2015-3411 | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. | [email protected] | 6.5 | 3.44% | 2016-05-16 | 2026-06-16 |
| CVE-2016-3718 KEV | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | [email protected] | 5.5 | 76.90% | 2016-05-05 | 2026-06-16 |
| CVE-2016-3717 | The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | [email protected] | 5.5 | 20.44% | 2016-05-05 | 2026-06-16 |
| CVE-2016-3716 | The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | [email protected] | 3.3 | 11.34% | 2016-05-05 | 2026-06-16 |
| CVE-2016-3715 KEV | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | [email protected] | 5.5 | 75.38% | 2016-05-05 | 2026-06-16 |
| CVE-2016-2109 | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. | [email protected] | 7.5 | 29.21% | 2016-05-04 | 2026-06-16 |
| CVE-2016-2108 | The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. | [email protected] | 9.8 | 77.91% | 2016-05-04 | 2026-06-16 |
| CVE-2016-2107 | The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. | [email protected] | 5.9 | 89.06% | 2016-05-04 | 2026-06-16 |
| CVE-2016-2106 | Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. | [email protected] | 7.5 | 27.26% | 2016-05-04 | 2026-06-16 |
| CVE-2016-2105 | Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | [email protected] | 7.5 | 39.65% | 2016-05-04 | 2026-06-16 |
| CVE-2016-0695 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. | [email protected] | 5.9 | 3.40% | 2016-04-21 | 2026-06-16 |
| CVE-2016-3069 | Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. | [email protected] | 8.8 | 4.95% | 2016-04-13 | 2026-06-16 |
| CVE-2016-3068 | Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | [email protected] | 8.8 | 5.41% | 2016-04-13 | 2026-06-16 |
| CVE-2015-5229 | The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. | [email protected] | 7.5 | 2.20% | 2016-04-08 | 2026-06-16 |
| CVE-2015-7547 | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. | [email protected] | 8.1 | 89.56% | 2016-02-18 | 2026-06-16 |