Filtered by vendor Redhat Subscriptions
Total 22092 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-6685 2 Nokogiri, Redhat 9 Nokogiri, Cloudforms Management Engine, Cloudforms Managementengine and 6 more 2024-11-21 7.5 High
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVE-2012-6655 4 Accountsservice Project, Debian, Opensuse and 1 more 4 Accountsservice, Debian Linux, Opensuse and 1 more 2024-11-21 3.3 Low
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
CVE-2012-6136 3 Debian, Fedoraproject, Redhat 7 Debian Linux, Fedora, Enterprise Linux and 4 more 2024-11-21 5.5 Medium
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
CVE-2012-6135 2 Phusion, Redhat 2 Passenger, Openshift 2024-11-21 7.5 High
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
CVE-2012-5644 4 Debian, Fedoraproject, Libuser Project and 1 more 4 Debian Linux, Fedora, Libuser and 1 more 2024-11-21 5.5 Medium
libuser has information disclosure when moving user's home directory
CVE-2012-5630 3 Fedoraproject, Libuser Project, Redhat 3 Fedora, Libuser, Enterprise Linux 2024-11-21 6.3 Medium
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
CVE-2012-5626 1 Redhat 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more 2024-11-21 7.5 High
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
CVE-2012-5562 1 Redhat 2 Network Proxy, Satellite 2024-11-21 6.5 Medium
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
CVE-2012-5521 3 Debian, Quagga, Redhat 3 Debian Linux, Quagga, Enterprise Linux 2024-11-21 6.5 Medium
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
CVE-2012-5474 4 Debian, Fedoraproject, Openstack and 1 more 4 Debian Linux, Fedora, Horizon and 1 more 2024-11-21 5.5 Medium
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
CVE-2012-4512 2 Kde, Redhat 5 Kde, Enterprise Linux, Enterprise Linux Desktop and 2 more 2024-11-21 8.8 High
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
CVE-2012-4451 3 Fedoraproject, Redhat, Zend 3 Fedora, Enterprise Linux, Zend Framework 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
CVE-2012-3460 1 Redhat 1 Enterprise Mrg 2024-11-21 9.8 Critical
cumin: At installation postgresql database user created without password
CVE-2012-2312 1 Redhat 2 Jboss Application Server, Jboss Enterprise Application Platform 2024-11-21 7.8 High
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.
CVE-2012-2148 2 Linux, Redhat 3 Linux Kernel, Jboss Community Application Server, Jboss Enterprise Web Server 2024-11-21 3.3 Low
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies
CVE-2012-2142 4 Freedesktop, Opensuse, Redhat and 1 more 4 Poppler, Opensuse, Enterprise Linux and 1 more 2024-11-21 7.8 High
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
CVE-2012-1168 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 8.2 High
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
CVE-2012-1156 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 7.5 High
Moodle before 2.2.2 has users' private files included in course backups
CVE-2012-1155 4 Debian, Fedoraproject, Moodle and 1 more 4 Debian Linux, Fedora, Moodle and 1 more 2024-11-21 7.5 High
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
CVE-2012-1094 1 Redhat 1 Jboss Application Server 2024-11-21 7.5 High
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.