Redhat Enterprise Linux vulnerabilities

1,738 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs

1,738

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL157HIGH589MEDIUM839LOW153

Vulnerabilities

Page 73 of 87

CVE-2012-3405MEDIUMCVSS 5.0v6.02014-02-10

CVE-2012-3405 [MEDIUM] CVE-2012-3405: The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number

nvd

CVE-2012-3404MEDIUMCVSS 5.0v6.02014-02-10

CVE-2012-3404 [MEDIUM] CWE-189 CVE-2012-3404: The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses posi

nvd

CVE-2012-3406MEDIUMCVSS 6.8v5v6.02014-02-10

CVE-2012-3406 [MEDIUM] CVE-2012-3406: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probabl The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possi

nvd

CVE-2011-1773MEDIUMCVSS 4.4v6.02014-02-08

CVE-2011-1773 [MEDIUM] CWE-255 CVE-2011-1773: virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allo virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.

nvd

CVE-2014-0001HIGHCVSS 7.5v5v6.02014-01-31

CVE-2014-0001 [HIGH] CWE-119 CVE-2014-0001: Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

nvd

CVE-2013-6368MEDIUMCVSS 6.2v6.02013-12-14

CVE-2013-6368 [MEDIUM] CWE-20 CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.

nvd

CVE-2013-4566MEDIUMCVSS 4.0v5v6.02013-12-12

CVE-2013-4566 [MEDIUM] CWE-264 CVE-2013-4566: mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does no mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.

nvd

CVE-2013-1978MEDIUMCVSS 6.8v5.0v6.02013-12-12

CVE-2013-1978 [MEDIUM] CWE-787 CVE-2013-1978: Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) pl Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

nvd

CVE-2013-1913MEDIUMCVSS 6.8v5.0v6.02013-12-12

CVE-2013-1913 [MEDIUM] CWE-190 CVE-2013-1913: Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.

nvd

CVE-2013-2133MEDIUMCVSS 5.5v5v6.02013-12-06

CVE-2013-2133 [MEDIUM] CWE-264 CVE-2013-2133: The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Applicatio The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

nvd

CVE-2013-1813HIGHCVSS 7.2v6.02013-11-23

CVE-2013-1813 [HIGH] CWE-264 CVE-2013-1813: util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creatin util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.

nvd

CVE-2013-2561MEDIUMCVSS 6.3v6.02013-11-23

CVE-2013-2561 [MEDIUM] CWE-59 CVE-2013-2561: OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1 OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.

nvd

CVE-2013-0281MEDIUMCVSS 4.3v6.02013-11-23

CVE-2013-0281 [MEDIUM] CWE-399 CVE-2013-0281: Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).

nvd

CVE-2013-0221MEDIUMCVSS 4.3PoCv6.02013-11-23

CVE-2013-0221 [MEDIUM] CWE-20 CVE-2013-0221: The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.

nvd

CVE-2013-4482MEDIUMCVSS 6.2v6.02013-11-23

CVE-2013-4482 [MEDIUM] CVE-2013-4482: Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.

nvd

CVE-2013-4485MEDIUMCVSS 4.0v6.02013-11-23

CVE-2013-4485 [MEDIUM] CWE-20 CVE-2013-4485: 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authent 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

nvd

CVE-2013-4481LOWCVSS 1.9v6.02013-11-23

CVE-2013-4481 [LOW] CWE-362 CVE-2013-4481: Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions bef Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."

nvd

CVE-2013-0223LOWCVSS 1.9v6.02013-11-23

CVE-2013-0223 [LOW] CWE-119 CVE-2013-0223: The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

nvd

CVE-2013-0222LOWCVSS 2.1v6.02013-11-23

CVE-2013-0222 [LOW] CWE-119 CVE-2013-0222: The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

nvd

CVE-2012-0787LOWCVSS 3.7v6.02013-11-23

CVE-2012-0787 [LOW] CVE-2012-0787: The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and E The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the ne

nvd

← Previous73 / 87Next →