Enterprise Linux Security Vulnerabilities and Issues — Enterprise Linux CVE List

Lucene search

RedhatEnterprise Linux

11 matches found

CVE•added 2013/11/23 11:55 a.m.•504 views

CVE-2013-1813

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.

7.2CVSS8.6AI score0.00028EPSS

CVE•added 2013/11/23 6:55 p.m.•80 views

CVE-2013-0222

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

2.1CVSS6.6AI score0.00143EPSS

CVE•added 2013/11/23 6:55 p.m.•77 views

CVE-2013-0221

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.

4.3CVSS6.7AI score0.06006EPSS

CVE•added 2013/11/23 11:55 a.m.•74 views

CVE-2013-4482

Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.

6.2CVSS6.5AI score0.00051EPSS

CVE•added 2013/11/23 11:55 a.m.•72 views

CVE-2013-0281

Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).

4.3CVSS6.5AI score0.00665EPSS

CVE•added 2013/11/23 6:55 p.m.•67 views

CVE-2013-0223

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

1.9CVSS6.6AI score0.00141EPSS

CVE•added 2013/11/02 7:55 p.m.•66 views

CVE-2013-4282

Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.

5CVSS7.4AI score0.01094EPSS

CVE•added 2013/11/23 6:55 p.m.•65 views

CVE-2013-2561

OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm...

6.3CVSS6.1AI score0.00083EPSS

CVE•added 2013/11/23 11:55 a.m.•61 views

CVE-2013-4485

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

4CVSS6AI score0.00422EPSS

CVE•added 2013/11/23 6:55 p.m.•59 views

CVE-2012-0787

The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when us...

3.7CVSS5.8AI score0.00118EPSS

CVE•added 2013/11/23 11:55 a.m.•52 views

CVE-2013-4481

Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."

1.9CVSS5.6AI score0.00033EPSS