| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-2548 |
310 |
|
+Info |
2013-03-15 |
2013-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. |
|
2 |
CVE-2013-2547 |
310 |
|
+Info |
2013-03-15 |
2013-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. |
|
3 |
CVE-2013-2546 |
310 |
|
+Info |
2013-03-15 |
2013-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. |
|
4 |
CVE-2013-0241 |
399 |
|
DoS |
2013-02-12 |
2013-02-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information. |
|
5 |
CVE-2013-0218 |
200 |
|
+Info |
2013-02-05 |
2013-02-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file. |
|
6 |
CVE-2012-6120 |
264 |
|
+Info |
2013-04-10 |
2013-04-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files. |
|
7 |
CVE-2012-6119 |
264 |
|
|
2013-04-02 |
2013-04-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. |
|
8 |
CVE-2012-6117 |
264 |
|
|
2013-03-12 |
2013-03-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file. |
|
9 |
CVE-2012-6115 |
255 |
|
+Info |
2013-03-12 |
2013-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file. |
|
10 |
CVE-2012-5658 |
310 |
|
+Info |
2013-02-24 |
2013-02-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels. |
|
11 |
CVE-2012-5635 |
264 |
|
|
2013-04-09 |
2013-04-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417. |
|
12 |
CVE-2012-5605 |
264 |
|
|
2013-01-04 |
2013-01-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. |
|
13 |
CVE-2012-5516 |
200 |
|
+Info |
2013-01-04 |
2013-01-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. |
|
14 |
CVE-2012-5509 |
264 |
|
|
2013-03-12 |
2013-03-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file. |
|
15 |
CVE-2012-4574 |
255 |
|
|
2013-01-04 |
2013-01-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file. |
|
16 |
CVE-2012-4453 |
264 |
|
+Info |
2012-10-09 |
2013-01-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. |
|
17 |
CVE-2012-3368 |
189 |
|
+Info |
2012-07-03 |
2012-07-04 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach. |
|
18 |
CVE-2012-2746 |
310 |
|
|
2012-07-03 |
2012-07-05 |
2.1 |
None |
Remote |
High |
Single system |
Partial |
None |
None |
|
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. |
|
19 |
CVE-2012-2696 |
264 |
|
|
2013-01-04 |
2013-01-07 |
2.7 |
None |
Local Network |
Low |
Single system |
Partial |
None |
None |
|
The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request. |
|
20 |
CVE-2012-2679 |
264 |
|
+Info |
2012-10-22 |
2012-11-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file. |
|
21 |
CVE-2012-0034 |
255 |
|
+Info |
2013-02-05 |
2013-02-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. |
|
22 |
CVE-2011-1943 |
200 |
|
+Info |
2011-06-14 |
2011-09-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. |
|
23 |
CVE-2010-4265 |
|
|
DoS |
2010-12-30 |
2010-12-31 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier. |
|
24 |
CVE-2010-3862 |
20 |
|
DoS |
2010-12-30 |
2010-12-31 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data. |
|
25 |
CVE-2010-2241 |
264 |
|
+Info |
2010-08-17 |
2010-08-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts. |
|
26 |
CVE-2010-2224 |
264 |
|
+Info |
2010-06-24 |
2013-01-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. |
|
27 |
CVE-2010-2223 |
264 |
|
+Info |
2010-06-24 |
2010-06-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. |
|
28 |
CVE-2010-0730 |
20 |
|
DoS |
2010-05-12 |
2012-03-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. |
|
29 |
CVE-2009-5066 |
255 |
|
|
2012-08-13 |
2013-02-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. |
|
30 |
CVE-2009-3554 |
200 |
|
+Info |
2009-12-15 |
2009-12-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file. |
|
31 |
CVE-2008-3270 |
310 |
|
DoS |
2008-08-18 |
2010-08-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested. |
|
32 |
CVE-2008-2368 |
255 |
|
|
2009-01-20 |
2009-02-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files. |
|
33 |
CVE-2008-2367 |
264 |
|
|
2009-01-20 |
2009-02-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files. |
|
34 |
CVE-2008-0889 |
264 |
|
Exec Code |
2008-03-19 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script. |
|
35 |
CVE-2007-6131 |
16 |
|
|
2007-11-26 |
2008-11-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files. |
|
36 |
CVE-2007-3379 |
|
|
DoS |
2007-09-17 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command. |
|
37 |
CVE-2007-3100 |
|
|
DoS |
2007-06-14 |
2012-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. |
|
38 |
CVE-2007-3099 |
|
|
DoS |
2007-06-14 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). |
|
39 |
CVE-2006-3813 |
|
|
|
2006-08-11 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information. |
|
40 |
CVE-2005-2104 |
|
|
+Info |
2005-10-07 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory. |
|
41 |
CVE-2005-2100 |
|
|
DoS |
2005-10-25 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash). |
|
42 |
CVE-2005-1918 |
|
|
Dir. Trav. |
2005-12-31 |
2010-08-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". |
|
43 |
CVE-2005-1038 |
|
|
|
2005-05-02 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. |
|
44 |
CVE-2005-0757 |
|
|
DoS |
2005-05-18 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled. |
|
45 |
CVE-2005-0736 |
|
|
Overflow |
2005-03-09 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events. |
|
46 |
CVE-2005-0207 |
|
|
DoS |
2005-05-02 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT. |
|
47 |
CVE-2005-0156 |
|
|
Exec Code Overflow |
2005-02-07 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. |
|
48 |
CVE-2005-0092 |
|
|
DoS |
2005-02-19 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash). |
|
49 |
CVE-2005-0090 |
|
|
DoS |
2005-05-02 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash). |
|
50 |
CVE-2005-0077 |
|
|
|
2005-05-02 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. |
