VYPR

Enterprise Linux Server

by Red Hat

CVEs (1,624)

  • CVE-2013-5891 | Jan 15, 2014
    risk 0.00 | cvss | epss 0.04

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

  • CVE-2011-2519 | Dec 27, 2013
    risk 0.00 | cvss | epss 0.01

    Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.

  • CVE-2013-6368 | Dec 14, 2013
    risk 0.00 | cvss | epss 0.01

    The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.

  • CVE-2013-4566 | Dec 12, 2013
    risk 0.00 | cvss | epss 0.02

    mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.

  • CVE-2013-1978 | Dec 12, 2013
    risk 0.00 | cvss | epss 0.04

    Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more…

  • CVE-2013-1913 | Dec 12, 2013
    risk 0.00 | cvss | epss 0.04

    Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries…

  • CVE-2013-5614 | Dec 11, 2013
    risk 0.00 | cvss | epss 0.02

    Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

  • CVE-2013-5612 | Dec 11, 2013
    risk 0.00 | cvss | epss 0.03

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type…

  • CVE-2013-2133 | Dec 6, 2013
    risk 0.00 | cvss | epss 0.02

    The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise…

  • CVE-2013-2561 | Nov 23, 2013
    risk 0.00 | cvss | epss 0.00

    OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl,…

  • CVE-2013-0223 | Nov 23, 2013
    risk 0.00 | cvss | epss 0.01

    The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

  • CVE-2013-0222 | Nov 23, 2013
    risk 0.00 | cvss | epss 0.00

    The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

  • CVE-2012-0787 | Nov 23, 2013
    risk 0.00 | cvss | epss 0.00

    The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2)…

  • CVE-2013-4485 | Nov 23, 2013
    risk 0.00 | cvss | epss 0.02

    389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

  • CVE-2013-4482 | Nov 23, 2013
    risk 0.00 | cvss | epss 0.00

    Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.

  • CVE-2013-4481 | Nov 23, 2013
    risk 0.00 | cvss | epss 0.00

    Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."

  • CVE-2013-1813 | Nov 23, 2013
    risk 0.00 | cvss | epss 0.01

    util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.

  • CVE-2013-0281 | Nov 23, 2013
    risk 0.00 | cvss | epss 0.03

    Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).

  • CVE-2013-4282 | Nov 2, 2013
    risk 0.00 | cvss | epss 0.03

    Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.

  • CVE-2013-4299 | Oct 24, 2013
    risk 0.00 | cvss | epss 0.04

    Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
