Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:intel64:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-0150 |
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow. Published: April 18, 2014; 10:55:25 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2008-3277 |
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header. Published: April 15, 2014; 7:55:06 PM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2013-5704 |
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." Published: April 15, 2014; 6:55:11 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-0055 |
The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. Published: March 26, 2014; 10:55:04 AM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2011-4111 |
Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message. Published: February 26, 2014; 10:55:08 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-0081 |
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. Published: February 20, 2014; 10:27:09 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-3406 |
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. Published: February 10, 2014; 1:15:10 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-3405 |
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. Published: February 10, 2014; 1:15:10 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-3404 |
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. Published: February 10, 2014; 1:15:10 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-1773 |
virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password. Published: February 07, 2014; 7:55:05 PM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2014-0001 |
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string. Published: January 31, 2014; 6:55:04 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-5364 |
Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file. Published: January 25, 2014; 8:55:04 PM -0500 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2013-6368 |
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. Published: December 14, 2013; 1:08:45 PM -0500 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2013-4566 |
mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions. Published: December 12, 2013; 1:55:10 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-1978 |
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. Published: December 12, 2013; 1:55:10 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-1913 |
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump. Published: December 12, 2013; 1:55:10 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-2133 |
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. Published: December 06, 2013; 12:55:04 PM -0500 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2013-2561 |
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/. Published: November 23, 2013; 1:55:04 PM -0500 |
V3.x:(not available) V2.0: 6.3 MEDIUM |
CVE-2013-0223 |
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function. Published: November 23, 2013; 1:55:04 PM -0500 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2013-0222 |
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function. Published: November 23, 2013; 1:55:04 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |