CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3051 CVE-2013-2144 264 DoS 2013-07-03 2013-07-04
5.0
None Remote Low Not required None None Partial
Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot.
3052 CVE-2013-2143 20 1 +Priv 2014-04-17 2021-07-16
6.5
None Remote Low ??? Partial Partial Partial
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
3053 CVE-2013-2133 264 2013-12-06 2019-04-22
5.5
None Remote Low ??? Partial Partial None
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
3054 CVE-2013-2121 94 1 Exec Code 2013-07-31 2018-08-13
6.0
None Remote Medium ??? Partial Partial Partial
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
3055 CVE-2013-2119 264 DoS +Priv 2014-01-03 2016-12-06
4.6
None Local Low Not required Partial Partial Partial
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
3056 CVE-2013-2113 264 +Priv 2013-07-31 2018-08-13
6.0
None Remote Medium ??? Partial Partial Partial
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
3057 CVE-2013-2103 20 2019-12-03 2019-12-13
5.5
None Remote Low ??? Partial Partial None
OpenShift cartridge allows remote URL retrieval
3058 CVE-2013-2102 287 +Info 2013-10-28 2013-10-30
3.3
None Local Network Low Not required Partial None None
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.
3059 CVE-2013-2101 79 XSS 2019-12-03 2019-12-11
3.5
None Remote Medium ??? None Partial None
Katello has multiple XSS issues in various entities
3060 CVE-2013-2069 264 +Priv 2013-05-29 2018-12-06
7.2
None Local Low Not required Complete Complete Complete
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
3061 CVE-2013-2068 22 1 Dir. Trav. 2013-09-28 2014-01-14
9.4
None Remote Low Not required None Complete Complete
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.
3062 CVE-2013-2060 78 Exec Code 2020-01-28 2020-01-30
10.0
None Remote Low Not required Complete Complete Complete
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
3063 CVE-2013-2056 287 2013-07-31 2013-07-31
5.0
None Remote Low Not required Partial None None
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.
3064 CVE-2013-2051 264 Bypass 2013-07-09 2019-04-22
2.6
None Remote High Not required None Partial None
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
3065 CVE-2013-2050 89 Exec Code Sql 2014-01-11 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.
3066 CVE-2013-2049 384 2018-05-01 2018-06-13
5.0
None Remote Low Not required None Partial None
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.
3067 CVE-2013-2035 94 Exec Code 2013-08-28 2015-01-18
4.4
None Local Medium Not required Partial Partial Partial
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.
3068 CVE-2013-2029 59 2013-11-23 2013-11-25
6.3
None Local Medium Not required None Complete Complete
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
3069 CVE-2013-2015 399 DoS 2013-04-29 2019-04-22
4.7
None Local Medium Not required None None Complete
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.
3070 CVE-2013-1978 119 DoS Exec Code Overflow 2013-12-12 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.
3071 CVE-2013-1976 59 2013-07-09 2019-04-22
6.9
None Local Medium Not required Complete Complete Complete
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
3072 CVE-2013-1962 399 DoS 2013-05-29 2017-08-29
5.0
None Remote Low Not required None None Partial
The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."
3073 CVE-2013-1950 399 DoS 2013-07-09 2013-10-11
4.3
None Remote Medium Not required None None Partial
The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.
3074 CVE-2013-1943 20 +Priv +Info 2013-07-16 2020-08-03
4.4
None Local Medium Not required Partial Partial Partial
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
3075 CVE-2013-1935 362 DoS 2013-07-16 2019-04-22
5.7
None Local Network Medium Not required None None Complete
A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash) by leveraging a time window during which interrupts are disabled but copy_to_user function calls are possible.
3076 CVE-2013-1928 200 +Info 2013-04-29 2019-04-22
4.7
None Local Medium Not required Complete None None
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.
3077 CVE-2013-1927 Exec Code 2013-04-29 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
3078 CVE-2013-1926 +Info 2013-04-29 2018-10-30
5.8
None Remote Medium Not required Partial Partial None
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
3079 CVE-2013-1921 310 2013-09-28 2014-03-08
1.9
None Local Medium Not required Partial None None
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
3080 CVE-2013-1913 189 DoS Exec Code Overflow 2013-12-12 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
3081 CVE-2013-1909 20 2013-08-23 2013-08-26
5.8
None Remote Medium Not required Partial Partial None
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3082 CVE-2013-1892 20 2 DoS Exec Code 2013-10-01 2013-12-01
6.0
None Remote Medium ??? Partial Partial Partial
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
3083 CVE-2013-1886 134 DoS Exec Code 2014-01-24 2015-08-26
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates.
3084 CVE-2013-1885 79 XSS 2014-01-24 2017-08-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) tus/ or (2) tus/tus/.
3085 CVE-2013-1872 119 DoS Exec Code Overflow 2013-08-19 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.
3086 CVE-2013-1871 79 XSS 2014-02-14 2015-07-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.
3087 CVE-2013-1869 20 XSS Http R.Spl. 2014-04-01 2014-04-01
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.
3088 CVE-2013-1861 119 DoS Overflow 2013-03-28 2019-04-22
5.0
None Remote Low Not required None None Partial
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
3089 CVE-2013-1857 79 XSS 2013-03-19 2019-08-08
4.3
None Remote Medium Not required None Partial None
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.
3090 CVE-2013-1855 79 XSS 2013-03-19 2019-08-08
4.3
None Remote Medium Not required None Partial None
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
3091 CVE-2013-1854 20 DoS 2013-03-19 2019-08-08
5.0
None Remote Low Not required None None Partial
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
3092 CVE-2013-1824 200 +Info 2013-09-16 2019-04-22
4.3
None Remote Medium Not required Partial None None
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
3093 CVE-2013-1823 79 XSS 2013-04-02 2013-04-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.
3094 CVE-2013-1820 20 2019-11-08 2019-11-14
4.7
None Local Medium Not required None None Complete
tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service.
3095 CVE-2013-1817 200 +Info 2019-11-20 2019-11-21
5.0
None Remote Low Not required Partial None None
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
3096 CVE-2013-1816 20 DoS 2019-11-20 2019-11-21
5.0
None Remote Low Not required None None Partial
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
3097 CVE-2013-1815 255 2013-04-10 2017-08-29
4.4
None Local Medium Not required Partial Partial Partial
PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file.
3098 CVE-2013-1813 264 2013-11-23 2020-08-27
7.2
None Local Low Not required Complete Complete Complete
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
3099 CVE-2013-1793 306 2019-12-10 2019-12-14
5.0
None Remote Low Not required Partial None None
openstack-utils openstack-db has insecure password creation
3100 CVE-2013-1774 264 DoS 2013-02-28 2019-04-22
4.0
None Local High Not required None None Complete
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.
Total number of vulnerabilities : 3974   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 (This Page)63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.