Total
2048 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8171 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
|
|||||
| CVE-2014-8089 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
|
|||||
| CVE-2014-5118 | 3 Fedoraproject, Redhat, Trusted Boot Project | 3 Fedora, Enterprise Linux, Trusted Boot | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability
|
|||||
| CVE-2014-4650 | 2 Python, Redhat | 3 Python, Enterprise Linux, Software Collections | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
|
|||||
| CVE-2014-3585 | 1 Redhat | 2 Enterprise Linux, Redhat-upgrade-tool | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
|
|||||
| CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
|
|||||
| CVE-2013-5661 | 4 Isc, Nic, Nlnetlabs and 1 more | 4 Bind, Knot Resolver, Nsd and 1 more | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
|
Cache Poisoning issue exists in DNS Response Rate Limiting.
|
|||||
| CVE-2013-4751 | 3 Fedoraproject, Redhat, Sensiolabs | 3 Fedora, Enterprise Linux, Symfony | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH |
|
php-symfony2-Validator has loss of information during serialization
|
|||||
| CVE-2013-4518 | 1 Redhat | 2 Enterprise Linux, Update Infrastructure | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates
|
|||||
| CVE-2013-4409 | 3 Fedoraproject, Redhat, Reviewboard | 4 Fedora, Enterprise Linux, Djblets and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
|
|||||
| CVE-2013-4251 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
|
|||||
| CVE-2013-4235 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, Shadow, Fedora and 1 more | 2024-11-21 | 3.3 LOW | 4.7 MEDIUM |
|
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
|
|||||
| CVE-2013-3718 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Evince, Opensuse and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
evince is missing a check on number of pages which can lead to a segmentation fault
|
|||||
| CVE-2013-1817 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2013-1816 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
|
|||||
| CVE-2013-0196 | 1 Redhat | 2 Enterprise Linux, Openshift | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
|
|||||
| CVE-2012-6711 | 2 Gnu, Redhat | 2 Bash, Enterprise Linux | 2024-11-21 | 4.6 MEDIUM | 7.0 HIGH |
|
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().
|
|||||
| CVE-2012-6655 | 4 Accountsservice Project, Debian, Opensuse and 1 more | 4 Accountsservice, Debian Linux, Opensuse and 1 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
|
|||||
| CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
|
|||||
| CVE-2012-5630 | 3 Fedoraproject, Libuser Project, Redhat | 3 Fedora, Libuser, Enterprise Linux | 2024-11-21 | 3.3 LOW | 6.3 MEDIUM |
|
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
|
|||||
| CVE-2012-5521 | 3 Debian, Quagga, Redhat | 3 Debian Linux, Quagga, Enterprise Linux | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
|
|||||
| CVE-2012-4512 | 2 Kde, Redhat | 5 Kde, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
|
|||||
| CVE-2012-4451 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
|
|||||
| CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
|
|||||
| CVE-2012-1168 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
|
|||||
| CVE-2012-1156 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Moodle before 2.2.2 has users' private files included in course backups
|
|||||
| CVE-2012-1155 | 4 Debian, Fedoraproject, Moodle and 1 more | 4 Debian Linux, Fedora, Moodle and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
|
|||||
| CVE-2012-0877 | 2 Python, Redhat | 3 Pyxml, Enterprise Linux, Enterprise Virtualization Hypervisor | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
PyXML: Hash table collisions CPU usage Denial of Service
|
|||||
| CVE-2011-4967 | 2 Openpegasus, Redhat | 2 Tog-pegasus, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
tog-Pegasus has a package hash collision DoS vulnerability
|
|||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.
|
|||||
| CVE-2011-3631 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.
|
|||||
| CVE-2011-3630 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable.
|
|||||
| CVE-2011-3585 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
|
|||||
| CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
|
|||||
| CVE-2011-2767 | 4 Apache, Canonical, Debian and 1 more | 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
|
|||||
| CVE-2011-2726 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.
|
|||||
| CVE-2011-2717 | 2 Linux, Redhat | 2 Dhcp6c, Enterprise Linux | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
|
|||||
| CVE-2011-2207 | 3 Debian, Gnupg, Redhat | 3 Debian Linux, Gnupg, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.
|
|||||
| CVE-2011-1145 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Enterprise Linux and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
|
|||||
| CVE-2010-4664 | 3 Consolekit Project, Debian, Redhat | 3 Consolekit, Debian Linux, Enterprise Linux | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
|
|||||