| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1927 |
|
|
Exec Code |
2013-04-29 |
2013-05-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." |
|
2 |
CVE-2013-1773 |
119 |
1
|
DoS Overflow +Priv |
2013-02-28 |
2013-03-01 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. |
|
3 |
CVE-2013-0311 |
|
|
|
2013-02-21 |
2013-03-22 |
6.5 |
None |
Local Network |
High |
Single system |
Complete |
Complete |
Complete |
|
The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. |
|
4 |
CVE-2013-0310 |
119 |
|
DoS Overflow |
2013-02-21 |
2013-02-22 |
6.6 |
None |
Local |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. |
|
5 |
CVE-2012-5660 |
264 |
|
+Priv |
2013-03-12 |
2013-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes." |
|
6 |
CVE-2012-5622 |
352 |
|
CSRF |
2012-12-17 |
2012-12-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. |
|
7 |
CVE-2012-5536 |
20 |
|
+Priv +Info |
2013-02-21 |
2013-02-22 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo. |
|
8 |
CVE-2012-4550 |
264 |
|
|
2013-01-04 |
2013-05-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB. |
|
9 |
CVE-2012-4540 |
189 |
|
DoS Exec Code Overflow +Info |
2012-11-11 |
2013-04-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, and 1.3.x before 1.3.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." |
|
10 |
CVE-2012-3532 |
352 |
|
CSRF |
2013-04-12 |
2013-04-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
|
11 |
CVE-2012-3422 |
119 |
|
DoS Exec Code Overflow |
2012-08-07 |
2012-09-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read. |
|
12 |
CVE-2012-2734 |
352 |
|
Exec Code CSRF |
2012-09-28 |
2013-03-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors. |
|
13 |
CVE-2012-2333 |
189 |
|
DoS |
2012-05-14 |
2013-03-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. |
|
14 |
CVE-2012-0874 |
287 |
|
Exec Code Bypass |
2013-02-05 |
2013-02-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer. |
|
15 |
CVE-2012-0861 |
310 |
|
Exec Code |
2013-01-04 |
2013-01-07 |
6.8 |
None |
Local Network |
High |
Not required |
Complete |
Complete |
Complete |
|
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. |
|
16 |
CVE-2012-0860 |
|
|
+Priv |
2013-01-04 |
2013-01-11 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. |
|
17 |
CVE-2011-4085 |
287 |
|
Bypass |
2012-11-23 |
2012-11-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression. |
|
18 |
CVE-2011-3636 |
352 |
|
CSRF |
2011-12-08 |
2012-03-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes. |
|
19 |
CVE-2011-2908 |
352 |
|
Exec Code CSRF |
2012-11-23 |
2013-02-06 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors. |
|
20 |
CVE-2011-2520 |
264 |
|
+Priv |
2011-07-21 |
2011-08-11 |
6.0 |
None |
Local |
High |
Single system |
Complete |
Complete |
Complete |
|
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object. |
|
21 |
CVE-2011-2196 |
264 |
|
Exec Code |
2011-07-26 |
2011-08-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484. |
|
22 |
CVE-2011-1485 |
362 |
|
+Priv |
2011-05-31 |
2012-12-18 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID. |
|
23 |
CVE-2011-1484 |
264 |
|
Exec Code |
2011-07-26 |
2011-10-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. |
|
24 |
CVE-2011-1146 |
264 |
|
DoS Exec Code |
2011-03-15 |
2011-09-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086. |
|
25 |
CVE-2011-1011 |
264 |
|
DoS +Priv |
2011-02-24 |
2011-09-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. |
|
26 |
CVE-2011-0536 |
|
|
+Priv |
2011-04-08 |
2012-01-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. |
|
27 |
CVE-2011-0532 |
264 |
|
+Priv |
2011-02-23 |
2011-03-30 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. |
|
28 |
CVE-2011-0025 |
20 |
|
|
2011-02-04 |
2011-08-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source. |
|
29 |
CVE-2010-4351 |
264 |
|
Bypass |
2011-01-20 |
2011-08-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. |
|
30 |
CVE-2010-3852 |
287 |
|
Bypass |
2010-11-05 |
2010-11-11 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. |
|
31 |
CVE-2010-2793 |
362 |
|
+Priv |
2010-12-08 |
2013-01-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. |
|
32 |
CVE-2010-2784 |
264 |
|
DoS +Priv |
2010-08-24 |
2010-08-25 |
6.6 |
None |
Local |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. |
|
33 |
CVE-2010-1871 |
20 |
|
Exec Code |
2010-08-05 |
2010-08-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured. |
|
34 |
CVE-2010-0729 |
264 |
|
+Priv |
2010-03-16 |
2010-08-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call. |
|
35 |
CVE-2010-0431 |
20 |
|
DoS +Priv |
2010-08-24 |
2010-08-25 |
6.6 |
None |
Local |
Medium |
Single system |
Complete |
Complete |
Complete |
|
QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. |
|
36 |
CVE-2010-0429 |
264 |
|
DoS +Priv |
2010-08-24 |
2010-08-25 |
6.6 |
None |
Local |
Medium |
Single system |
Complete |
Complete |
Complete |
|
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. |
|
37 |
CVE-2010-0428 |
20 |
|
DoS +Priv |
2010-08-24 |
2010-08-25 |
6.6 |
None |
Local |
Medium |
Single system |
Complete |
Complete |
Complete |
|
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. |
|
38 |
CVE-2009-4139 |
352 |
|
CSRF |
2011-07-26 |
2011-11-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java site packages (aka spacewalk-java) 1.2.39 in Spacewalk, as used in the server in Red Hat Network Satellite 5.3.0 through 5.4.1 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that (1) disable the current user account, (2) add user accounts, or (3) modify user accounts to have administrator privileges. |
|
39 |
CVE-2009-4133 |
|
|
Exec Code +Priv |
2009-12-23 |
2010-01-06 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute. |
|
40 |
CVE-2009-1893 |
59 |
|
|
2009-07-17 |
2010-08-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command. |
|
41 |
CVE-2009-0788 |
200 |
|
+Info |
2011-04-18 |
2011-04-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors. |
|
42 |
CVE-2009-0588 |
|
|
|
2009-05-27 |
2009-06-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field. |
|
43 |
CVE-2008-6552 |
59 |
|
|
2009-03-30 |
2013-01-22 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. |
|
44 |
CVE-2008-5082 |
287 |
|
Bypass |
2009-01-30 |
2009-02-05 |
6.0 |
User |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. |
|
45 |
CVE-2008-4315 |
|
|
|
2008-11-26 |
2010-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. |
|
46 |
CVE-2008-4313 |
264 |
|
Bypass |
2008-11-26 |
2010-08-21 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services. |
|
47 |
CVE-2008-4192 |
59 |
|
|
2008-09-29 |
2011-03-01 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file. |
|
48 |
CVE-2007-6285 |
16 |
|
|
2007-12-20 |
2010-11-16 |
6.2 |
Admin |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. |
|
49 |
CVE-2007-5964 |
16 |
|
+Priv |
2007-12-13 |
2010-08-21 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. |
|
50 |
CVE-2007-5503 |
189 |
|
Exec Code Overflow |
2007-11-29 |
2013-05-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. |
