Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-1506 3Mariadb OracleRedhat 7Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+4 more Apr 29, 2026 Apr 17, 2013 N/A· v4 N/A· v3 2.8 LOW· v2 Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
CVE-2013-0315 1Redhat 1Jboss Enterprise Portal Platform Apr 29, 2026 Apr 12, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) att...Show more The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.Show less
CVE-2013-0314 1Redhat 1Jboss Enterprise Portal Platform Apr 29, 2026 Apr 12, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or...Show more The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.Show less
CVE-2012-3532 1Redhat 1Jboss Enterprise Portal Platform Apr 29, 2026 Apr 12, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown...Show more Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.Show less
CVE-2013-1815 1Redhat 3Openstack Essex Openstack FolsomPackstack Apr 30, 2026 Apr 10, 2013 N/A· v4 6.1 MEDIUM· v3 4.4 MEDIUM· v2 A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This i...Show more A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications.Show less
CVE-2012-6120 1Redhat 2Openstack Essex Openstack Folsom Apr 29, 2026 Apr 10, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.
CVE-2012-5635 2Gluster Redhat 4Glusterfs Storage Management ConsoleStorage Native Client+1 more Apr 29, 2026 Apr 9, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/v...Show more The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.Show less
CVE-2013-0791 4Canonical MozillaOracle+1 more 12Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+9 more Apr 29, 2026 Apr 3, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMo...Show more The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.Show less
CVE-2012-4546 1Redhat 1Enterprise Linux Apr 29, 2026 Apr 3, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsi...Show more The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate.Show less
CVE-2013-1823 1Redhat 1Subscription Asset Manager Apr 29, 2026 Apr 2, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2012-6119 2Candlepinproject Redhat 2Candlepin Subscription Asset Manager Apr 29, 2026 Apr 2, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
CVE-2013-1861 7Canonical DebianMariadb+4 more 9Debian Linux Enterprise LinuxLinux Enterprise Desktop+6 more Apr 29, 2026 Mar 28, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of...Show more MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.Show less
CVE-2013-1766 1Redhat 1Libvirt Apr 29, 2026 Mar 20, 2013 N/A· v4 N/A· v3 3.6 LOW· v2 libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.
CVE-2013-1857 2Redhat Rubyonrails 3Enterprise Linux RailsRuby On Rails Apr 29, 2026 Mar 19, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly han...Show more The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.Show less
CVE-2013-1855 2Redhat Rubyonrails 3Enterprise Linux RailsRuby On Rails Apr 29, 2026 Mar 19, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly...Show more The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.Show less
CVE-2013-1854 2Redhat Rubyonrails 3Enterprise Linux RailsRuby On Rails Apr 29, 2026 Mar 19, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial...Show more The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.Show less
CVE-2013-2548 2Linux Redhat 2Enterprise Mrg Linux Kernel Apr 29, 2026 Mar 15, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local u...Show more The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.Show less
CVE-2013-2547 2Linux Redhat 2Enterprise Mrg Linux Kernel Apr 29, 2026 Mar 15, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to o...Show more The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.Show less
CVE-2013-2546 2Linux Redhat 2Enterprise Mrg Linux Kernel Apr 29, 2026 Mar 15, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack m...Show more The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.Show less
CVE-2012-6548 2Linux Redhat 2Enterprise Linux Linux Kernel Apr 29, 2026 Mar 15, 2013 N/A· v4 N/A· v3 1.9 LOW· v2 The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted a...Show more The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.Show less

Previous 1...238239240...284 Next