| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complex
ity
|
Authen
tication
|
Confiden
tiality
|
Integrity
|
Availa
bility
|
|
1 |
CVE-2012-2333 |
189 |
|
DoS |
2012-05-14 |
2012-05-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. |
|
2 |
CVE-2012-2110 |
119 |
|
DoS Overflow Mem. Corr. |
2012-04-19 |
2012-04-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. |
|
3 |
CVE-2011-4622 |
|
|
DoS |
2012-01-27 |
2012-01-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer. |
|
4 |
CVE-2011-4608 |
264 |
|
Bypass |
2012-01-27 |
2012-02-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints. |
|
5 |
CVE-2011-4314 |
20 |
|
|
2012-01-27 |
2012-02-06 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. |
|
6 |
CVE-2011-3636 |
352 |
|
CSRF |
2011-12-08 |
2012-03-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes. |
|
7 |
CVE-2011-3206 |
79 |
|
XSS |
2012-01-07 |
2012-01-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
8 |
CVE-2011-3026 |
189 |
|
DoS Overflow |
2012-02-16 |
2012-02-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. |
|
9 |
CVE-2011-2925 |
287 |
|
Bypass |
2011-09-20 |
2011-10-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker. |
|
10 |
CVE-2011-2899 |
20 |
|
Exec Code |
2011-08-31 |
2011-09-01 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers. |
|
11 |
CVE-2011-2520 |
264 |
|
+Priv |
2011-07-21 |
2011-08-11 |
6.0 |
None |
Local |
High |
Single system |
Complete |
Complete |
Complete |
|
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object. |
|
12 |
CVE-2011-2511 |
189 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-08-10 |
2011-11-21 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. |
|
13 |
CVE-2011-2196 |
264 |
|
Exec Code |
2011-07-26 |
2011-08-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484. |
|
14 |
CVE-2011-2178 |
|
|
|
2011-08-10 |
2011-08-11 |
4.4 |
None |
Local |
Medium |
Single system |
Complete |
None |
None |
|
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression. |
|
15 |
CVE-2011-1943 |
200 |
|
+Info |
2011-06-14 |
2011-09-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. |
|
16 |
CVE-2011-1576 |
119 |
|
DoS Overflow Mem. Corr. |
2011-08-31 |
2012-03-22 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. |
|
17 |
CVE-2011-1486 |
399 |
|
DoS |
2011-05-31 |
2011-08-11 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time. |
|
18 |
CVE-2011-1485 |
362 |
|
+Priv |
2011-05-31 |
2012-02-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID. |
|
19 |
CVE-2011-1484 |
264 |
|
Exec Code |
2011-07-26 |
2011-10-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. |
|
20 |
CVE-2011-1179 |
119 |
|
DoS Exec Code Overflow |
2011-04-18 |
2011-04-20 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer. |
|
21 |
CVE-2011-1146 |
264 |
|
DoS Exec Code |
2011-03-15 |
2011-09-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086. |
|
22 |
CVE-2011-1094 |
20 |
|
|
2011-03-16 |
2011-04-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. |
|
23 |
CVE-2011-1011 |
264 |
|
DoS +Priv |
2011-02-24 |
2011-09-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. |
|
24 |
CVE-2011-0720 |
|
|
|
2011-02-03 |
2011-04-29 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors. |
|
25 |
CVE-2011-0718 |
287 |
|
|
2011-02-25 |
2011-03-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks. |
|
26 |
CVE-2011-0717 |
|
|
|
2011-02-25 |
2011-03-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk. |
|
27 |
CVE-2011-0714 |
399 |
|
DoS |
2011-05-04 |
2012-03-19 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function. |
|
28 |
CVE-2011-0706 |
264 |
|
+Priv |
2011-02-18 |
2012-01-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." |
|
29 |
CVE-2011-0536 |
|
|
+Priv |
2011-04-08 |
2012-01-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. |
|
30 |
CVE-2011-0532 |
264 |
|
+Priv |
2011-02-23 |
2011-03-30 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. |
|
31 |
CVE-2011-0025 |
20 |
|
|
2011-02-04 |
2011-08-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source. |
|
32 |
CVE-2011-0022 |
399 |
|
DoS |
2011-02-23 |
2011-03-30 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. |
|
33 |
CVE-2011-0019 |
20 |
|
DoS |
2011-02-23 |
2011-03-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. |
|
34 |
CVE-2011-0012 |
59 |
|
|
2011-04-18 |
2011-04-18 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name. |
|
35 |
CVE-2010-4351 |
264 |
|
Bypass |
2011-01-20 |
2011-08-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. |
|
36 |
CVE-2010-4265 |
|
|
DoS |
2010-12-30 |
2010-12-31 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier. |
|
37 |
CVE-2010-4179 |
264 |
|
|
2010-12-07 |
2010-12-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins. |
|
38 |
CVE-2010-4161 |
399 |
|
DoS |
2010-12-30 |
2011-10-25 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158. |
|
39 |
CVE-2010-3878 |
352 |
|
CSRF |
2010-12-30 |
2010-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files. |
|
40 |
CVE-2010-3869 |
310 |
|
|
2010-11-17 |
2010-11-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN. |
|
41 |
CVE-2010-3868 |
287 |
|
|
2010-11-17 |
2010-11-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component. |
|
42 |
CVE-2010-3862 |
20 |
|
DoS |
2010-12-30 |
2010-12-31 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data. |
|
43 |
CVE-2010-3860 |
200 |
|
+Info |
2010-12-08 |
2011-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. |
|
44 |
CVE-2010-3852 |
287 |
|
Bypass |
2010-11-05 |
2010-11-11 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. |
|
45 |
CVE-2010-3708 |
20 |
|
Exec Code |
2010-12-30 |
2010-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer. |
|
46 |
CVE-2010-3701 |
399 |
|
DoS |
2010-10-12 |
2010-10-13 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message. |
|
47 |
CVE-2010-3083 |
|
|
DoS |
2010-10-12 |
2010-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake. |
|
48 |
CVE-2010-2811 |
|
|
DoS |
2010-08-24 |
2010-08-25 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic. |
|
49 |
CVE-2010-2794 |
59 |
|
|
2010-08-30 |
2010-09-08 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file. |
|
50 |
CVE-2010-2793 |
362 |
|
+Priv |
2010-12-08 |
2010-12-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. |
