U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:intel64:*
  • CPE Name Search: true
There are 635 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2011-2726

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.

Published: November 15, 2019; 12:15:12 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Published: November 15, 2019; 11:15:10 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-1168

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

Published: November 14, 2019; 11:15:14 AM -0500
V3.1: 8.2 HIGH
V2.0: 6.4 MEDIUM
CVE-2012-1156

Moodle before 2.2.2 has users' private files included in course backups

Published: November 14, 2019; 11:15:14 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-1155

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

Published: November 14, 2019; 11:15:14 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2011-1145

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

Published: November 13, 2019; 9:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2010-4664

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

Published: November 13, 2019; 5:15:11 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2010-4661

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

Published: November 13, 2019; 4:15:11 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2010-4657

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

Published: November 13, 2019; 4:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Published: November 08, 2019; 10:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

Published: November 05, 2019; 5:15:10 PM -0500
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2013-5661

Cache Poisoning issue exists in DNS Response Rate Limiting.

Published: November 05, 2019; 2:15:10 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 2.6 LOW
CVE-2013-4409

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

Published: November 04, 2019; 4:15:11 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2013-4251

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

Published: November 04, 2019; 3:15:09 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2005-4890

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

Published: November 04, 2019; 2:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2013-4518

RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates

Published: November 04, 2019; 8:15:10 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2013-4751

php-symfony2-Validator has loss of information during serialization

Published: November 01, 2019; 9:15:11 AM -0400
V3.1: 8.1 HIGH
V2.0: 4.9 MEDIUM
CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

Published: October 14, 2019; 4:15:10 PM -0400
V3.1: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2019-14838

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

Published: October 14, 2019; 11:15:09 AM -0400
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

Published: October 06, 2019; 8:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH