Redhat : Security Vulnerabilities (CVSS score between 3 and 3.99)

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : Cve Number Descending Cve Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results Select Table

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2013-1766	264		2013-03-20	2013-03-21	3.6	None	Local	Low	Not required	None	Partial	Partial
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.
2	CVE-2013-0219	264		2013-02-24	2013-02-25	3.7	None	Local	High	Not required	Partial	Partial	Partial
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
3	CVE-2013-0164	264		2013-02-24	2013-02-25	3.6	None	Local	Low	Not required	None	Partial	Partial
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
4	CVE-2012-5659			2013-03-12	2013-03-19	3.7	None	Local	High	Not required	Partial	Partial	Partial
Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module.
5	CVE-2012-3538	255		2013-01-04	2013-01-07	3.3	None	Local Network	Low	Not required	Partial	None	None
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
6	CVE-2012-3445	399	DoS	2012-08-07	2013-03-21	3.5	None	Remote	Medium	Single system	None	None	Partial
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
7	CVE-2012-2693	264		2012-06-16	2013-01-14	3.7	None	Local	High	Not required	Partial	Partial	Partial
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.
8	CVE-2012-2377	287		2012-11-23	2013-02-06	3.3	None	Local Network	Low	Not required	Partial	None	None
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.
9	CVE-2011-4316	264		2013-01-04	2013-01-07	3.7	None	Local	High	Not required	Partial	Partial	Partial
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors.
10	CVE-2011-1486	399	DoS	2011-05-31	2011-08-11	3.3	None	Local Network	Low	Not required	None	None	Partial
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.
11	CVE-2011-0012	59		2011-04-18	2011-04-18	3.3	None	Local	Medium	Not required	None	Partial	Partial
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
12	CVE-2010-2794	59		2010-08-30	2010-09-08	3.3	None	Local	Medium	Not required	None	Partial	Partial
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.
13	CVE-2010-2792	362	+Info	2010-08-30	2011-01-11	3.3	None	Local	Medium	Not required	Partial	Partial	None
Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.
14	CVE-2010-2474	20	+Priv	2010-08-10	2010-08-10	3.5	None	Remote	Medium	Single system	Partial	None	None
JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.
15	CVE-2010-1439	264		2010-06-07	2010-08-21	3.6	None	Local	Low	Not required	Partial	Partial	None
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.
16	CVE-2007-1716		+Priv	2007-03-27	2010-08-21	3.4	User	Local	High	Multiple systems	Partial	Partial	Partial
pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
17	CVE-2007-1352		Exec Code Overflow	2007-04-05	2010-11-30	3.8	None	Local Network	Medium	Single system	None	Partial	Partial
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
18	CVE-2005-0988			2005-05-02	2010-08-21	3.7	None	Local	High	Not required	Partial	Partial	Partial
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
19	CVE-2002-1509			2003-03-03	2008-09-10	3.6	None	Local	Low	Not required	Partial	Partial	None
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.
20	CVE-2002-0044			2002-01-31	2008-09-10	3.6	None	Local	Low	Not required	Partial	Partial	None
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
21	CVE-2001-0946		DoS	2001-12-04	2008-09-05	3.6	None	Local	Low	Not required	None	Partial	Partial
apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins.

Total number of vulnerabilities : 21 Page : 1 (This Page)