Red Hat Enterprise Linux vulnerabilities
1,738 known vulnerabilities affecting redhat/enterprise_linux.
Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 88
Exploited in wild: 26
Severity breakdown
CRITICAL 157 | HIGH 589 | MEDIUM 839 | LOW 153
Vulnerabilities
Page 75 of 87
CVE-2013-1943 | HIGH | CVSS 7.8 | CWE-20 | v5.0 | 2013-07-16
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/k
nvd
CVE-2013-2188 | MEDIUM | CVSS 4.7 | CWE-264 | v6.0 | 2013-07-16
A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain write permissions, which allows local users to cause a denial of service (system crash) by leveraging access to a filesystem that is mounted read-only.
nvd
CVE-2013-1935 | MEDIUM | CVSS 5.7 | CWE-362 | v6.0 | 2013-07-16
A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash) by leveraging a time window during which interrupts are disabled but copy_to_user function calls are
nvd
CVE-2013-1976 | MEDIUM | CVSS 6.9 | CWE-59 | v5, v6.0 | 2013-07-09
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-i
nvd
CVE-2013-2051 | LOW | CVSS 2.6 | v6.0 | 2013-07-09
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
nvd
CVE-2013-2224 | MEDIUM | CVSS 6.9 | v6.0 | 2013-07-04
A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-20
nvd
CVE-2013-2164 | LOW | CVSS 2.1 | CWE-200 | v5, v5.0, +1 more | 2013-07-04
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
nvd
CVE-2011-2942 | MEDIUM | CVSS 6.8 | v5 | 2013-06-08
A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge
nvd
CVE-2011-3593 | MEDIUM | CVSS 5.7 | CWE-399 | v6.0 | 2013-06-08
A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames.
nvd
CVE-2011-3347 | MEDIUM | CVSS 4.6 | v6.0 | 2013-06-08
A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets.
nvd
CVE-2011-2693 | LOW | CVSS 1.9 | v6.0 | 2013-06-08
The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red Hat Enterprise Linux (RHEL) 6 does not properly handle NMIs, which might allow local users to cause a denial of service (excessive log messages) via unspecified vectors.
nvd
CVE-2012-6137 | MEDIUM | CVSS 4.3 | CWE-255 | v5 | 2013-05-21
rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.
nvd
CVE-2013-3301 | HIGH | CVSS 7.2 | PoC | v6.0 | 2013-04-29
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
nvd
CVE-2013-2015 | MEDIUM | CVSS 4.7 | CWE-399 | v5, v6.0 | 2013-04-29
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/imag
nvd
CVE-2013-1928 | MEDIUM | CVSS 4.7 | CWE-200 | v6.0 | 2013-04-29
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.
nvd
CVE-2012-4546 | MEDIUM | CVSS 4.3 | CWE-16 | v6.0 | 2013-04-03
The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a rev
nvd
CVE-2013-1861 | MEDIUM | CVSS 5.0 | CWE-119 | PoC | v5, v6.0 | 2013-03-28
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing
nvd
CVE-2013-1854 | MEDIUM | CVSS 5.0 | CWE-20 | v6.0 | 2013-03-19
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
nvd
CVE-2013-1857 | MEDIUM | CVSS 4.3 | CWE-79 | v6.0 | 2013-03-19
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via
nvd
CVE-2013-1855 | MEDIUM | CVSS 4.3 | CWE-79 | v6.0 | 2013-03-19
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted
nvd