| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-3301 |
|
|
DoS |
2013-04-29 |
2013-04-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. |
|
2 |
CVE-2013-2548 |
310 |
|
+Info |
2013-03-15 |
2013-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. |
|
3 |
CVE-2013-2547 |
310 |
|
+Info |
2013-03-15 |
2013-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. |
|
4 |
CVE-2013-2546 |
310 |
|
+Info |
2013-03-15 |
2013-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. |
|
5 |
CVE-2013-2015 |
399 |
|
DoS |
2013-04-29 |
2013-04-29 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. |
|
6 |
CVE-2013-1928 |
200 |
|
+Info |
2013-04-29 |
2013-04-29 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. |
|
7 |
CVE-2013-1927 |
|
|
Exec Code |
2013-04-29 |
2013-05-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." |
|
8 |
CVE-2013-1926 |
|
|
+Info |
2013-04-29 |
2013-05-14 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet. |
|
9 |
CVE-2013-1861 |
119 |
|
DoS Overflow |
2013-03-28 |
2013-03-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and unspecified versions of Oracle MySQL, allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. |
|
10 |
CVE-2013-1823 |
79 |
|
XSS |
2013-04-02 |
2013-04-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field. |
|
11 |
CVE-2013-1815 |
255 |
|
|
2013-04-10 |
2013-04-11 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file. |
|
12 |
CVE-2013-1774 |
264 |
|
DoS |
2013-02-28 |
2013-03-01 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
|
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. |
|
13 |
CVE-2013-1773 |
119 |
1
|
DoS Overflow +Priv |
2013-02-28 |
2013-03-01 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. |
|
14 |
CVE-2013-1766 |
264 |
|
|
2013-03-20 |
2013-03-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. |
|
15 |
CVE-2013-0315 |
264 |
|
|
2013-04-12 |
2013-04-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack. |
|
16 |
CVE-2013-0314 |
287 |
|
|
2013-04-12 |
2013-04-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. |
|
17 |
CVE-2013-0311 |
|
|
|
2013-02-21 |
2013-03-22 |
6.5 |
None |
Local Network |
High |
Single system |
Complete |
Complete |
Complete |
|
The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. |
|
18 |
CVE-2013-0310 |
119 |
|
DoS Overflow |
2013-02-21 |
2013-02-22 |
6.6 |
None |
Local |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. |
|
19 |
CVE-2013-0309 |
119 |
|
DoS Overflow |
2013-02-21 |
2013-02-22 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. |
|
20 |
CVE-2013-0241 |
399 |
|
DoS |
2013-02-12 |
2013-02-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information. |
|
21 |
CVE-2013-0219 |
264 |
|
|
2013-02-24 |
2013-02-25 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. |
|
22 |
CVE-2013-0218 |
200 |
|
+Info |
2013-02-05 |
2013-02-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file. |
|
23 |
CVE-2013-0200 |
59 |
|
|
2013-03-06 |
2013-03-07 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722. |
|
24 |
CVE-2013-0170 |
399 |
|
DoS Exec Code |
2013-02-08 |
2013-03-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. |
|
25 |
CVE-2013-0168 |
264 |
|
DoS |
2013-03-12 |
2013-03-19 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. |
|
26 |
CVE-2013-0166 |
310 |
|
DoS |
2013-02-08 |
2013-02-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. |
|
27 |
CVE-2013-0164 |
264 |
|
|
2013-02-24 |
2013-02-25 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. |
|
28 |
CVE-2012-6548 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. |
|
29 |
CVE-2012-6546 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
30 |
CVE-2012-6545 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. |
|
31 |
CVE-2012-6544 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. |
|
32 |
CVE-2012-6542 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. |
|
33 |
CVE-2012-6538 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. |
|
34 |
CVE-2012-6537 |
200 |
|
+Info |
2013-03-15 |
2013-05-14 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. |
|
35 |
CVE-2012-6137 |
255 |
|
+Info |
2013-05-21 |
2013-05-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials. |
|
36 |
CVE-2012-6120 |
264 |
|
+Info |
2013-04-10 |
2013-04-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files. |
|
37 |
CVE-2012-6119 |
264 |
|
|
2013-04-02 |
2013-04-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. |
|
38 |
CVE-2012-6118 |
264 |
|
Bypass |
2013-03-12 |
2013-03-18 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting. |
|
39 |
CVE-2012-6117 |
264 |
|
|
2013-03-12 |
2013-03-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file. |
|
40 |
CVE-2012-6115 |
255 |
|
+Info |
2013-03-12 |
2013-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file. |
|
41 |
CVE-2012-5660 |
264 |
|
+Priv |
2013-03-12 |
2013-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes." |
|
42 |
CVE-2012-5659 |
|
|
|
2013-03-12 |
2013-03-19 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module. |
|
43 |
CVE-2012-5658 |
310 |
|
+Info |
2013-02-24 |
2013-02-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels. |
|
44 |
CVE-2012-5647 |
20 |
|
|
2013-02-24 |
2013-02-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO. |
|
45 |
CVE-2012-5646 |
20 |
|
Exec Code |
2013-02-24 |
2013-02-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. |
|
46 |
CVE-2012-5635 |
264 |
|
|
2013-04-09 |
2013-04-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417. |
|
47 |
CVE-2012-5629 |
264 |
|
Bypass |
2013-03-12 |
2013-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password. |
|
48 |
CVE-2012-5622 |
352 |
|
CSRF |
2012-12-17 |
2012-12-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. |
|
49 |
CVE-2012-5605 |
264 |
|
|
2013-01-04 |
2013-01-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. |
|
50 |
CVE-2012-5604 |
264 |
|
Bypass |
2013-03-01 |
2013-03-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The ldap_fluff gem for Ruby, as used in Red Hat CloudFroms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors. |
