| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | CVE-2013-2548 | 310 | | +Info | 2013-03-15 | 2013-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None | The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. |
| 2 | CVE-2013-2547 | 310 | | +Info | 2013-03-15 | 2013-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None | The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. |
| 3 | CVE-2013-2546 | 310 | | +Info | 2013-03-15 | 2013-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None | The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. |
| 4 | CVE-2013-1928 | 200 | | +Info | 2013-04-29 | 2013-04-29 | 4.7 | None | Local | Medium | Not required | Complete | None | None | The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. |
| 5 | CVE-2013-1926 | | | +Info | 2013-04-29 | 2013-05-14 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet. |
| 6 | CVE-2013-0218 | 200 | | +Info | 2013-02-05 | 2013-02-06 | 2.1 | None | Local | Low | Not required | Partial | None | None | The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file. |
| 7 | CVE-2012-6548 | 200 | | +Info | 2013-03-15 | 2013-03-18 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. |
| 8 | CVE-2012-6546 | 200 | | +Info | 2013-03-15 | 2013-03-18 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
| 9 | CVE-2012-6545 | 200 | | +Info | 2013-03-15 | 2013-03-18 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. |
| 10 | CVE-2012-6544 | 200 | | +Info | 2013-03-15 | 2013-03-18 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. |
| 11 | CVE-2012-6542 | 200 | | +Info | 2013-03-15 | 2013-03-18 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. |
| 12 | CVE-2012-6538 | 200 | | +Info | 2013-03-15 | 2013-03-18 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. |
| 13 | CVE-2012-6537 | 200 | | +Info | 2013-03-15 | 2013-05-14 | 1.9 | None | Local | Medium | Not required | Partial | None | None | net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. |
| 14 | CVE-2012-6137 | 255 | | +Info | 2013-05-21 | 2013-05-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials. |
| 15 | CVE-2012-6120 | 264 | | +Info | 2013-04-10 | 2013-04-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files. |
| 16 | CVE-2012-6115 | 255 | | +Info | 2013-03-12 | 2013-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None | The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file. |
| 17 | CVE-2012-5658 | 310 | | +Info | 2013-02-24 | 2013-02-26 | 2.1 | None | Local | Low | Not required | Partial | None | None | rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels. |
| 18 | CVE-2012-5536 | 20 | | +Priv +Info | 2013-02-21 | 2013-02-22 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo. |
| 19 | CVE-2012-5516 | 200 | | +Info | 2013-01-04 | 2013-01-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. |
| 20 | CVE-2012-4540 | 189 | | DoS Exec Code Overflow +Info | 2012-11-11 | 2013-04-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, and 1.3.x before 1.3.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." |
| 21 | CVE-2012-4453 | 264 | | +Info | 2012-10-09 | 2013-01-29 | 2.1 | None | Local | Low | Not required | Partial | None | None | dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. |
| 22 | CVE-2012-3423 | 119 | | DoS Exec Code Overflow +Info | 2012-08-07 | 2012-09-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet. |
| 23 | CVE-2012-3368 | 189 | | +Info | 2012-07-03 | 2012-07-04 | 2.6 | None | Remote | High | Not required | Partial | None | None | Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach. |
| 24 | CVE-2012-2680 | 264 | | +Info | 2012-09-28 | 2013-03-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing." |
| 25 | CVE-2012-2679 | 264 | | +Info | 2012-10-22 | 2012-11-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file. |
| 26 | CVE-2012-2664 | 255 | | +Info | 2012-06-29 | 2012-08-01 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. |
| 27 | CVE-2012-1106 | 264 | | +Info | 2012-07-03 | 2012-07-03 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information. |
| 28 | CVE-2012-0818 | 200 | | +Info | 2012-11-23 | 2013-02-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. |
| 29 | CVE-2012-0034 | 255 | | +Info | 2013-02-05 | 2013-02-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. |
| 30 | CVE-2011-5245 | 200 | | +Info | 2012-11-23 | 2012-11-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. |
| 31 | CVE-2011-1943 | 200 | | +Info | 2011-06-14 | 2011-09-06 | 2.1 | None | Local | Low | Not required | Partial | None | None | The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. |
| 32 | CVE-2010-3860 | 200 | | +Info | 2010-12-08 | 2011-02-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. |
| 33 | CVE-2010-2792 | 362 | | +Info | 2010-08-30 | 2011-01-11 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket. |
| 34 | CVE-2010-2241 | 264 | | +Info | 2010-08-17 | 2010-08-30 | 2.1 | None | Local | Low | Not required | Partial | None | None | The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts. |
| 35 | CVE-2010-2224 | 264 | | +Info | 2010-06-24 | 2013-01-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. |
| 36 | CVE-2010-2223 | 264 | | +Info | 2010-06-24 | 2010-06-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. |
| 37 | CVE-2010-1429 | 264 | | +Info | 2010-04-28 | 2012-11-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression. |
| 38 | CVE-2010-1428 | 264 | | +Info | 2010-04-28 | 2012-11-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method. |
| 39 | CVE-2009-3554 | 200 | | +Info | 2009-12-15 | 2009-12-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file. |
| 40 | CVE-2009-0788 | 200 | | +Info | 2011-04-18 | 2011-04-19 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors. |
| 41 | CVE-2008-3519 | 16 | | +Info | 2008-09-23 | 2009-03-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273. |
| 42 | CVE-2008-3274 | 200 | | +Info | 2008-09-12 | 2008-10-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query. |
| 43 | CVE-2007-6283 | 200 | | DoS +Info | 2007-12-17 | 2010-08-21 | 4.9 | None | Local | Low | Not required | None | None | Complete | Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. |
| 44 | CVE-2007-3373 | 119 | | Overflow +Info | 2007-06-25 | 2012-10-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests. |
| 45 | CVE-2007-1865 | 189 | | +Info | 2007-09-18 | 2008-11-13 | 1.9 | None | Local | Medium | Not required | Partial | None | None | ** DISPUTED ** The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allows local users to obtain sensitive information (kernel memory contents) via a negative value of the len parameter. NOTE: this issue has been disputed in a bug comment, stating that "len is ignored when copying header info to the user's buffer." |
| 46 | CVE-2007-0004 | 264 | | +Info | 2007-09-18 | 2008-09-05 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries. |
| 47 | CVE-2005-3630 | | | +Info | 2005-12-31 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives. |
| 48 | CVE-2005-2104 | | | +Info | 2005-10-07 | 2010-08-21 | 2.1 | None | Local | Low | Not required | Partial | None | None | sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory. |
| 49 | CVE-2005-0109 | | | +Info | 2005-03-05 | 2010-08-21 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. |
| 50 | CVE-2004-0914 | | | DoS Exec Code Overflow Dir. Trav. +Info | 2005-01-10 | 2010-08-21 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions. |