CVEdetails.com the ultimate security vulnerability data source

Redhat : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
3451 CVE-2011-1096 310 2012-11-23 2021-06-16
5.0
None Remote Low Not required Partial None None
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
3452 CVE-2011-1094 20 2011-03-16 2017-08-17
4.3
None Remote Medium Not required None Partial None
kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.
3453 CVE-2011-1093 476 DoS 2011-07-18 2020-07-31
7.8
None Remote Low Not required None None Complete
The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.
3454 CVE-2011-1083 400 DoS 2011-04-04 2020-08-12
4.9
None Local Low Not required None None Complete
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
3455 CVE-2011-1044 909 +Info 2011-02-18 2020-08-12
2.1
None Local Low Not required Partial None None
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.
3456 CVE-2011-0718 287 2011-02-25 2017-08-17
5.8
None Remote Medium Not required Partial Partial None
Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks.
3457 CVE-2011-0717 2011-02-25 2017-08-17
5.8
None Remote Medium Not required Partial Partial None
Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk.
3458 CVE-2011-0711 200 +Info 2011-03-01 2020-08-07
2.1
None Local Low Not required Partial None None
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.
3459 CVE-2011-0695 362 DoS 2011-03-15 2020-08-11
5.7
None Local Network Medium Not required None None Complete
Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.
3460 CVE-2011-0532 264 +Priv 2011-02-23 2017-08-17
6.2
None Local High Not required Complete Complete Complete
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
3461 CVE-2011-0025 20 2011-02-04 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
3462 CVE-2011-0022 399 DoS 2011-02-23 2011-03-31
4.7
None Local Medium Not required None None Complete
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.
3463 CVE-2011-0019 20 DoS 2011-02-23 2011-03-31
7.5
None Remote Low Not required Partial Partial Partial
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.
3464 CVE-2010-5325 119 DoS Exec Code Overflow Mem. Corr. 2016-04-15 2019-12-27
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.
3465 CVE-2010-4805 400 DoS 2011-05-26 2020-08-04
7.8
None Remote Low Not required None None Complete
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.
3466 CVE-2010-4664 269 Bypass 2019-11-13 2019-11-18
6.5
None Remote Low ??? Partial Partial Partial
In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
3467 CVE-2010-4661 434 2019-11-13 2019-11-18
4.6
None Local Low Not required Partial Partial Partial
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
3468 CVE-2010-4657 772 2019-11-13 2019-11-20
5.0
None Remote Low Not required Partial None None
PHP5 before 5.4.4 allows passing invalid UTF-8 strings via xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in a memory leak into the resulting output.
3469 CVE-2010-4649 190 DoS Overflow Mem. Corr. 2011-02-18 2020-08-11
6.9
None Local Medium Not required Complete Complete Complete
Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.
3470 CVE-2010-4526 362 DoS 2011-01-11 2020-08-25
7.1
None Remote Medium Not required None None Complete
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
3471 CVE-2010-4494 415 DoS 2010-12-07 2020-07-31
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
3472 CVE-2010-4251 400 DoS 2011-05-26 2020-08-04
7.8
None Remote Low Not required None None Complete
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
3473 CVE-2010-4203 190 DoS Exec Code Mem. Corr. 2010-11-06 2020-07-31
10.0
None Remote Low Not required Complete Complete Complete
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
3474 CVE-2010-4179 264 2010-12-07 2021-07-15
7.5
None Remote Low Not required Partial Partial Partial
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins.
3475 CVE-2010-4008 119 DoS Overflow 2010-11-17 2020-06-04
4.3
None Remote Medium Not required None None Partial
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
3476 CVE-2010-3881 200 +Info 2010-12-23 2020-08-06
2.1
None Local Low Not required Partial None None
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.
3477 CVE-2010-3878 352 CSRF 2010-12-30 2010-12-30
4.3
None Remote Medium Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.
3478 CVE-2010-3869 310 2010-11-17 2010-11-18
4.0
None Remote Low ??? None Partial None
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.
3479 CVE-2010-3868 287 2010-11-17 2010-11-18
5.8
None Remote Medium Not required Partial Partial None
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.
3480 CVE-2010-3860 200 +Info 2010-12-08 2014-10-04
5.0
None Remote Low Not required Partial None None
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
3481 CVE-2010-3857 79 XSS 2019-11-12 2019-11-14
4.3
None Remote Medium Not required None Partial None
JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter.
3482 CVE-2010-3708 20 Exec Code 2010-12-30 2010-12-30
7.5
None Remote Low Not required Partial Partial Partial
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer.
3483 CVE-2010-3702 476 DoS 2010-11-05 2020-12-23
7.5
None Remote Low Not required Partial Partial Partial
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
3484 CVE-2010-3701 399 DoS 2010-10-12 2010-10-13
4.0
None Remote Low ??? None None Partial
lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message.
3485 CVE-2010-3282 312 +Info 2020-01-09 2020-01-29
1.9
None Local Medium Not required Partial None None
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
3486 CVE-2010-2811 DoS 2010-08-24 2010-08-25
5.7
None Local Network Medium Not required None None Complete
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic.
3487 CVE-2010-2793 362 +Priv 2010-12-08 2013-01-16
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function.
3488 CVE-2010-2784 264 DoS +Priv 2010-08-24 2010-08-25
6.6
None Local Medium ??? Complete Complete Complete
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.
3489 CVE-2010-2783 200 +Info 2019-10-31 2019-11-04
6.4
None Remote Low Not required Partial Partial None
IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services.
3490 CVE-2010-2643 189 Exec Code Overflow 2011-01-07 2012-01-19
7.6
None Remote High Not required Complete Complete Complete
Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
3491 CVE-2010-2642 119 DoS Exec Code Overflow 2011-01-07 2017-07-01
7.6
None Remote High Not required Complete Complete Complete
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
3492 CVE-2010-2641 20 DoS Exec Code 2011-01-07 2012-01-19
7.6
None Remote High Not required Complete Complete Complete
Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
3493 CVE-2010-2640 20 DoS Exec Code 2011-01-07 2012-01-19
7.6
None Remote High Not required Complete Complete Complete
Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
3494 CVE-2010-2598 20 DoS 2010-07-02 2016-11-08
4.3
None Remote Medium Not required None None Partial
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."
3495 CVE-2010-2548 863 2019-10-31 2019-11-04
6.4
None Remote Low Not required Partial Partial None
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.
3496 CVE-2010-2493 16 Bypass 2010-08-10 2010-08-10
5.0
None Remote Low Not required Partial None None
The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) the jbpm-console application, (7) the contract application, and (8) the uddi-console application in JBoss Enterprise SOA Platform before 5.0.2 contains GET and POST http-method elements, which allows remote attackers to bypass intended access restrictions via a crafted HTTP request.
3497 CVE-2010-2241 264 +Info 2010-08-17 2018-10-30
2.1
None Local Low Not required Partial None None
The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts.
3498 CVE-2010-2236 20 Exec Code 2014-04-15 2014-04-16
6.0
None Remote Medium ??? Partial Partial Partial
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.
3499 CVE-2010-2224 264 +Info 2010-06-24 2013-01-15
2.1
None Local Low Not required Partial None None
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
3500 CVE-2010-2223 264 +Info 2010-06-24 2010-06-25
2.1
None Local Low Not required Partial None None
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
Total number of vulnerabilities: 3974. Page: 70 of 80.