Red Hat vulnerabilities

DATE  CVE  VULNERABILITY TITLE
  Description
  Access vector; access complexity (where given)
  Vendor tag(s); CWE (where given)
  Risk (CVSS v2 base score)
2013-04-10  CVE-2013-1815  Credentials Management vulnerability in Red Hat OpenStack Essex, OpenStack Folsom and PackStack
  PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file.
  Access vector: local
  Vendor: redhat; CWE-255
  Risk (CVSS v2 base score): 4.4
2013-04-10  CVE-2012-6120  Permissions, Privileges, and Access Controls vulnerability in Red Hat OpenStack Essex and OpenStack Folsom
  Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.
  Access vector: local; access complexity: low
  Vendor: redhat; CWE-264
  Risk (CVSS v2 base score): 2.1
2013-04-03  CVE-2012-4546  Configuration vulnerability in Red Hat Enterprise Linux 6.0
  The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate.
  Access vector: network
  Vendor: redhat; CWE-16
  Risk (CVSS v2 base score): 4.3
2013-04-02  CVE-2012-6119  Permissions, Privileges, and Access Controls vulnerability in multiple products
  Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
  Access vector: local; access complexity: low
  Vendors: candlepinproject, redhat; CWE-264
  Risk (CVSS v2 base score): 2.1
2013-03-28  CVE-2013-1861  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
  MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
  Risk (CVSS v2 base score): 5.0
2013-03-20  CVE-2013-1766  Permissions, Privileges, and Access Controls vulnerability in Red Hat libvirt
  libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.
  Access vector: local; access complexity: low
  Vendor: redhat; CWE-264
  Risk (CVSS v2 base score): 3.6
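The three local-access entries above (answer file written to /tmp or the current directory, world-readable /var/log/puppet, kvm-group-writable device nodes) are all filesystem-permission defects that an auditor can check for with stat bits alone. The following is an added example, not PackStack, Puppet or libvirt code; the function names, the ".packstack" directory, the sample answer-file line and the sample modes/gids are assumptions made for the demonstration.

```python
"""Local-permission audit for the CVE-2013-1815, CVE-2012-6120 and CVE-2013-1766
patterns. Added example, not PackStack, Puppet or libvirt code; names, the
".packstack" directory and all sample modes/gids are assumptions."""
import os
import stat
import tempfile
from typing import Iterable, List, Optional

# --- pure checks on inode metadata, so they run without root ----------------

def unsafe_secret_dir(dir_mode: int, dir_uid: int, caller_uid: int) -> Optional[str]:
    """Why a directory is unsafe for a file holding deployment credentials
    (None if acceptable). Anyone else who can write to the directory can plant
    or replace the file under its predictable name before the tool reads it
    back; /tmp and an arbitrary current working directory both fail here."""
    if dir_uid != caller_uid:
        return "directory not owned by the caller"
    if dir_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "directory writable by group or others"
    return None

def world_readable(mode: int) -> bool:
    """CVE-2012-6120 pattern: a log directory that 'others' can list and read."""
    return bool(mode & stat.S_IROTH)

def device_writable_by_foreign_group(mode: int, gid: int, allowed_gids: Iterable[int]) -> bool:
    """CVE-2013-1766 pattern: a character device that is group-writable and
    owned by a group not on the allow-list of groups meant to touch it."""
    return stat.S_ISCHR(mode) and bool(mode & stat.S_IWGRP) and gid not in set(allowed_gids)

# --- wrappers over real paths -----------------------------------------------

def audit_secret_file(path: str) -> List[str]:
    """Findings for an answer-file location: the containing directory and, if
    the file already exists, its own mode (any group/other read or write)."""
    findings = []
    directory = os.path.dirname(os.path.abspath(path))
    st = os.stat(directory)
    reason = unsafe_secret_dir(st.st_mode, st.st_uid, os.getuid())
    if reason:
        findings.append(f"{path}: {reason}")
    if os.path.exists(path):
        fmode = os.stat(path).st_mode
        if fmode & (stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH):
            findings.append(f"{path}: file readable or writable by group/others")
    return findings

def write_answer_file_securely(content: str, base_dir: Optional[str] = None) -> str:
    """Safe alternative: a private 0700 directory under the caller's home (or
    base_dir) and a file created O_EXCL with mode 0600 by mkstemp, so a
    pre-planted file cannot be silently reused."""
    base = base_dir or os.path.expanduser("~")
    private = os.path.join(base, ".packstack")      # assumed directory name
    os.makedirs(private, mode=0o700, exist_ok=True)
    os.chmod(private, 0o700)                        # makedirs' mode is umask-masked
    fd, path = tempfile.mkstemp(prefix="answers-", suffix=".txt", dir=private)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    return path

if __name__ == "__main__":
    # Constructed demonstration: a 0777 scratch directory stands in for /tmp.
    scratch = tempfile.mkdtemp()
    os.chmod(scratch, 0o777)
    bad = os.path.join(scratch, "answers.txt")
    open(bad, "w").close()
    os.chmod(bad, 0o644)
    for finding in audit_secret_file(bad):
        print("FAIL:", finding)
    good = write_answer_file_securely("CONFIG_KEYSTONE_ADMIN_PW=secret\n",
                                      base_dir=tempfile.mkdtemp())
    print("OK  :", good, audit_secret_file(good))
    print("0755 log dir world-readable:", world_readable(0o755))
    print("0660 char device, gid 36, allowed {0}:",
          device_writable_by_foreign_group(stat.S_IFCHR | 0o660, 36, {0}))
```

The sticky bit on /tmp does not rescue the first case: it only stops other users deleting or renaming a file once it exists, it does nothing against a file planted under the expected name beforehand, which is why the hardened writer insists on a caller-owned, non-shared directory and an O_EXCL create.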
2013-03-19  CVE-2013-1857  Cross-Site Scripting vulnerability in multiple products
  The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a &#58; (HTML-encoded colon) sequence.
  Risk (CVSS v2 base score): 4.3
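The defect class in the entry above is a scheme check that inspects the raw attribute value for a literal colon while the browser decodes HTML entities before parsing the URL, so "javascript&#58;alert(1)" passes the check and still runs. The block below is an added example in Python showing the flawed pattern next to a hardened one; it is not the Rails sanitizer's own code, and the allow-list and function names are assumptions.

```python
"""Encoded-colon bypass of a URL scheme allow-list (CVE-2013-1857 pattern) and a
hardened check. Added example, not Rails code; allow-list and names assumed."""
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}          # assumed allow-list

# Browsers drop ASCII tab, LF and CR inside the scheme and leading controls and
# spaces, so "jav\tascript:" still executes. Stripping every C0 control and
# space before matching is a conservative superset of that behaviour.
_BROWSER_DROPPED = re.compile(r"[\x00-\x20]")
# URL grammar for a scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

def naive_scheme_is_safe(href: str) -> bool:
    """Pattern of the flaw: look at the text before the first *literal* colon
    in the raw attribute value. 'javascript&#58;alert(1)' has no literal
    colon, so it is treated as a relative URL and passed through; the browser
    decodes &#58; to ':' when it reads the attribute and runs the script."""
    if ":" not in href:
        return True
    return href.split(":", 1)[0].lower() in ALLOWED_SCHEMES

def hardened_scheme_is_safe(href: str) -> bool:
    """Normalise the way the browser will before deciding: decode HTML
    entities (decimal, hex and named), strip the characters browsers ignore,
    then extract the scheme with the URL grammar and allow-list it. A value
    with no scheme is a relative URL and is accepted."""
    decoded = html.unescape(href)
    cleaned = _BROWSER_DROPPED.sub("", decoded)
    m = _SCHEME.match(cleaned)
    if m is None:
        return True
    return m.group(1).lower() in ALLOWED_SCHEMES

if __name__ == "__main__":
    for href in ("javascript&#58;alert(1)", "javascript&#x3A;alert(1)",
                 "javascript&colon;alert(1)", "jav\tascript:alert(1)",
                 "https://example.com/", "/relative?next=a:b"):
        print(f"{href!r:32} naive={naive_scheme_is_safe(href)!s:5} "
              f"hardened={hardened_scheme_is_safe(href)}")
```

Decoding once is the right amount: a browser unescapes an attribute value exactly once, so a check that decodes once and then applies the URL grammar sees the same scheme the browser will. The naive check also mis-handles a colon in a relative path ("/relative?next=a:b" is rejected), which the grammar-based match avoids.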
2013-03-12  CVE-2013-0168  Permissions, Privileges, and Access Controls vulnerability in Red Hat Enterprise Virtualization Manager
  The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors.
  Access vector: network; access complexity: low
  Vendor: redhat; CWE-264
  Risk (CVSS v2 base score): 4.0
2013-03-12  CVE-2012-5659  Untrusted search path vulnerability in Red Hat Automatic Bug Reporting Tool (ABRT)
  Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module.
  Access vector: local; access complexity: high
  Vendor: redhat
  Risk (CVSS v2 base score): 3.7
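The entry above is the classic untrusted-search-path shape: a privileged helper hands the unprivileged caller's environment to an interpreter, and PYTHONPATH decides which module an import resolves to. The block below is an added example, not ABRT's code, that plants a module in a constructed directory, shows a child interpreter importing it when the environment is inherited, and shows two fixes (starting the interpreter with -I, or scrubbing PYTHON* variables before exec). The module and helper names are assumptions.

```python
"""PYTHONPATH as an untrusted search path (CVE-2012-5659 pattern). Added
example, not ABRT code; the planted module name and helper names are assumed."""
import os
import subprocess
import sys
import tempfile

MODULE = "planted_by_attacker"            # assumed name

def plant_module(name: str = MODULE) -> str:
    """Constructed attacker-controlled directory holding a module whose import
    is observable (it prints a marker when imported)."""
    d = tempfile.mkdtemp(prefix="untrusted-")
    with open(os.path.join(d, name + ".py"), "w") as fh:
        fh.write("print('PLANTED')\n")
    return d

def child_imports_planted(attacker_dir: str, isolated: bool, name: str = MODULE) -> bool:
    """Run a child interpreter the way a privileged wrapper might, with the
    caller's environment (PYTHONPATH pointing at attacker_dir), and report
    whether the planted module was imported. isolated=True adds -I, which
    makes the interpreter ignore PYTHONPATH and every other PYTHON* variable
    and drops the script/current directory from sys.path."""
    env = dict(os.environ, PYTHONPATH=attacker_dir)
    argv = [sys.executable] + (["-I"] if isolated else []) + ["-c", f"import {name}"]
    proc = subprocess.run(argv, env=env, capture_output=True, text=True)
    return proc.returncode == 0 and "PLANTED" in proc.stdout

def scrubbed_env(env=None) -> dict:
    """For wrappers that cannot pass -I (e.g. exec of a script through its #!
    line): drop every interpreter-influencing variable before exec'ing rather
    than forwarding whatever the unprivileged caller exported."""
    src = os.environ if env is None else env
    return {k: v for k, v in src.items() if not k.startswith("PYTHON")}

if __name__ == "__main__":
    d = plant_module()
    print("inherits env, no -I :", child_imports_planted(d, isolated=False))
    print("with -I             :", child_imports_planted(d, isolated=True))
    print("scrubbed keys       :", sorted(scrubbed_env({"PYTHONPATH": d, "PATH": "/usr/bin"})))
```

A wrapper that is setuid or otherwise crosses a privilege boundary should do both: exec with a minimal, constructed environment and start the interpreter in isolated mode, since either one alone still leaves the caller a say in what gets imported.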
2013-03-12  CVE-2012-6118  Permissions, Privileges, and Access Controls vulnerability in Red Hat Aeolus Conductor
  The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.
  Access vector: network; access complexity: low
  Vendor: redhat; CWE-264
  Risk (CVSS v2 base score): 5.5