| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-1773 | 119 | 1 | DoS Overflow +Priv | 2013-02-28 | 2013-03-01 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. |
| 2 | CVE-2012-5660 | 264 | | +Priv | 2013-03-12 | 2013-03-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes." |
| 3 | CVE-2012-5536 | 20 | | +Priv +Info | 2013-02-21 | 2013-02-22 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo. |
| 4 | CVE-2012-3459 | 264 | | +Priv | 2012-09-28 | 2012-10-03 | 4.9 | None | Remote | Medium | Single system | Partial | Partial | None | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor. |
| 5 | CVE-2012-3370 | 264 | | +Priv | 2013-02-05 | 2013-02-06 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users. |
| 6 | CVE-2012-3369 | 264 | | +Priv | 2013-02-05 | 2013-02-08 | 4.0 | None | Remote | High | Not required | Partial | Partial | None | The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used. |
| 7 | CVE-2012-0860 | | | +Priv | 2013-01-04 | 2013-01-11 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. |
| 8 | CVE-2011-2520 | 264 | | +Priv | 2011-07-21 | 2011-08-11 | 6.0 | None | Local | High | Single system | Complete | Complete | Complete | fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object. |
| 9 | CVE-2011-1485 | 362 | | +Priv | 2011-05-31 | 2012-12-18 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID. |
| 10 | CVE-2011-1011 | 264 | | DoS +Priv | 2011-02-24 | 2011-09-06 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. |
| 11 | CVE-2011-0706 | 264 | | +Priv | 2011-02-18 | 2012-01-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." |
| 12 | CVE-2011-0536 | | | +Priv | 2011-04-08 | 2012-01-26 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. |
| 13 | CVE-2011-0532 | 264 | | +Priv | 2011-02-23 | 2011-03-30 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. |
| 14 | CVE-2010-2793 | 362 | | +Priv | 2010-12-08 | 2013-01-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. |
| 15 | CVE-2010-2784 | 264 | | DoS +Priv | 2010-08-24 | 2010-08-25 | 6.6 | None | Local | Medium | Single system | Complete | Complete | Complete | The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. |
| 16 | CVE-2010-2474 | 20 | | +Priv | 2010-08-10 | 2010-08-10 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service. |
| 17 | CVE-2010-0729 | 264 | | +Priv | 2010-03-16 | 2010-08-21 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call. |
| 18 | CVE-2010-0431 | 20 | | DoS +Priv | 2010-08-24 | 2010-08-25 | 6.6 | None | Local | Medium | Single system | Complete | Complete | Complete | QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. |
| 19 | CVE-2010-0429 | 264 | | DoS +Priv | 2010-08-24 | 2010-08-25 | 6.6 | None | Local | Medium | Single system | Complete | Complete | Complete | libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. |
| 20 | CVE-2010-0428 | 20 | | DoS +Priv | 2010-08-24 | 2010-08-25 | 6.6 | None | Local | Medium | Single system | Complete | Complete | Complete | libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. |
| 21 | CVE-2009-4133 | | | Exec Code +Priv | 2009-12-23 | 2010-01-06 | 6.5 | User | Remote | Low | Single system | Partial | Partial | Partial | Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute. |
| 22 | CVE-2009-1573 | 264 | | +Priv | 2009-05-06 | 2010-05-27 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. |
| 23 | CVE-2008-3825 | 264 | | +Priv | 2008-10-03 | 2011-02-17 | 4.4 | User | Local | Medium | Not required | Partial | Partial | Partial | pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance. |
| 24 | CVE-2008-2359 | 16 | | +Priv | 2008-06-02 | 2009-02-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. |
| 25 | CVE-2008-1951 | 264 | | +Priv | 2008-06-25 | 2010-08-21 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus. |
| 26 | CVE-2007-5964 | 16 | | +Priv | 2007-12-13 | 2010-08-21 | 6.9 | Admin | Local | Medium | Not required | Complete | Complete | Complete | The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. |
| 27 | CVE-2007-1716 | | | +Priv | 2007-03-27 | 2010-08-21 | 3.4 | User | Local | High | Multiple systems | Partial | Partial | Partial | pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges. |
| 28 | CVE-2006-5753 | | | DoS +Priv | 2007-01-30 | 2010-09-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors. |
| 29 | CVE-2005-3629 | | | +Priv | 2005-12-31 | 2010-08-21 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors. |
| 30 | CVE-2005-1760 | | | +Priv | 2005-06-13 | 2010-08-21 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. |
| 31 | CVE-2005-0750 | | | +Priv | 2005-03-27 | 2010-08-21 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. |
| 32 | CVE-2005-0091 | | | +Priv | 2005-05-02 | 2010-08-21 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls. |
| 33 | CVE-2004-1068 | | | +Priv | 2005-01-10 | 2010-08-21 | 6.2 | Admin | Local | High | Not required | Complete | Complete | Complete | A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition. |
| 34 | CVE-2004-0495 | | | +Priv | 2004-08-06 | 2010-08-21 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. |
| 35 | CVE-2004-0077 | | | +Priv | 2004-03-03 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. |
| 36 | CVE-2002-1160 | | | +Priv | 2003-02-19 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su. |
| 37 | CVE-2002-0638 | | | +Priv | 2002-08-12 | 2008-09-10 | 6.2 | Admin | Local | High | Not required | Complete | Complete | Complete | setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. |
| 38 | CVE-2002-0083 | 189 | | +Priv | 2002-03-15 | 2008-11-20 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. |
| 39 | CVE-2002-0062 | | | Overflow +Priv | 2002-03-08 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." |
| 40 | CVE-2001-1374 | | | +Priv | 2001-07-19 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd. |
| 41 | CVE-2001-1028 | | | Overflow +Priv | 2001-05-28 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges. |
| 42 | CVE-2001-1002 | | | Exec Code +Priv | 2001-08-31 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands. |
| 43 | CVE-2001-0872 | | | +Priv | 2001-12-21 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. |
| 44 | CVE-2001-0635 | | | +Priv | 2001-08-14 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords. |
| 45 | CVE-2001-0496 | | | +Priv | 2001-06-27 | 2008-09-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges. |
| 46 | CVE-2001-0128 | | | +Priv Bypass | 2001-03-12 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. |
| 47 | CVE-2000-1220 | | | Exec Code +Priv | 2000-01-08 | 2008-09-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file. |
| 48 | CVE-2000-1214 | | | Overflow +Priv | 2000-10-18 | 2008-09-10 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges. |
| 49 | CVE-2000-1208 | | | +Priv | 2002-08-12 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call. |
| 50 | CVE-2000-1189 | | | Overflow +Priv | 2001-01-09 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges. |