Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-11-04 | CVE-2014-3660 | parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | Mac_os_x, Ubuntu_linux, Debian_linux, Enterprise_linux, Libxml2 | N/A | ||
| 2018-01-08 | CVE-2014-1859 | (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | Fedora, Numpy, Enterprise_linux | 5.5 | ||
| 2014-06-11 | CVE-2014-0249 | The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors. | Sssd, Enterprise_linux | N/A | ||
| 2014-03-26 | CVE-2014-0055 | The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. | Enterprise_linux | N/A | ||
| 2014-03-31 | CVE-2013-7347 | Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie. | Conga, Enterprise_linux | N/A | ||
| 2013-07-29 | CVE-2013-4854 | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. | Fedora, Freebsd, Hp\-Ux, Bind, Dnsco_bind, Business_server, Enterprise_server, Suse_linux, Opensuse, Enterprise_linux, Slackware_linux, Suse_linux_enterprise_software_development_kit | N/A | ||
| 2013-12-12 | CVE-2013-4566 | mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions. | Mod_nss, Enterprise_linux | N/A | ||
| 2013-11-23 | CVE-2013-4485 | 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request. | 389_directory_server, Directory_server, Enterprise_linux | N/A | ||
| 2013-11-23 | CVE-2013-4482 | Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories. | Enterprise_linux, Luci | N/A | ||
| 2013-11-23 | CVE-2013-4481 | Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets." | Enterprise_linux, Luci | N/A |