Filtered by vendor Redhat
Subscribe
Total
5942 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6457 | 1 Redhat | 1 Libvirt | 2026-06-17 | 5.2 MEDIUM | N/A |
| The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command. | |||||
| CVE-2013-6456 | 2 Fedoraproject, Redhat | 2 Fedora, Libvirt | 2026-06-17 | 5.8 MEDIUM | N/A |
| The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function. | |||||
| CVE-2013-6448 | 1 Redhat | 1 Jboss Seam 2 Framework | 2026-06-17 | 5.0 MEDIUM | N/A |
| The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors. | |||||
| CVE-2013-6447 | 1 Redhat | 1 Jboss Seam 2 Framework | 2026-06-17 | 5.0 MEDIUM | N/A |
| Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file. | |||||
| CVE-2013-6445 | 1 Redhat | 1 Enterprise Mrg | 2026-06-17 | 5.0 MEDIUM | N/A |
| Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack. | |||||
| CVE-2013-6443 | 1 Redhat | 2 Cloudforms, Cloudforms 3.0 Management Engine | 2026-06-17 | 6.8 MEDIUM | N/A |
| CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request. | |||||
| CVE-2013-6439 | 1 Redhat | 1 Subscription Asset Manager | 2026-06-17 | 9.3 HIGH | N/A |
| Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors. | |||||
| CVE-2013-6436 | 1 Redhat | 1 Libvirt | 2026-06-17 | 2.1 LOW | N/A |
| The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. | |||||
| CVE-2013-6434 | 1 Redhat | 1 Enterprise Virtualization Manager | 2026-06-17 | 4.3 MEDIUM | N/A |
| The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server. | |||||
| CVE-2013-6425 | 5 Canonical, Debian, Opensuse and 2 more | 10 Ubuntu Linux, Debian Linux, Opensuse and 7 more | 2026-06-17 | 5.0 MEDIUM | N/A |
| Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | |||||
| CVE-2013-6393 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2026-06-17 | 6.8 MEDIUM | N/A |
| The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. | |||||
| CVE-2013-6391 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2026-06-17 | 5.8 MEDIUM | N/A |
| The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. | |||||
| CVE-2013-6368 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-06-17 | 6.2 MEDIUM | N/A |
| The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. | |||||
| CVE-2013-5908 | 5 Canonical, Debian, Mariadb and 2 more | 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more | 2026-06-16 | 2.6 LOW | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. | |||||
| CVE-2013-5906 | 3 Hp, Oracle, Redhat | 11 Hp-ux, Jdk, Jre and 8 more | 2026-06-16 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905. | |||||
| CVE-2013-5904 | 3 Hp, Oracle, Redhat | 10 Hp-ux, Jdk, Jre and 7 more | 2026-06-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2013-5895 | 3 Hp, Oracle, Redhat | 11 Hp-ux, Jdk, Jre and 8 more | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. | |||||
| CVE-2013-5891 | 5 Canonical, Debian, Mariadb and 2 more | 7 Ubuntu Linux, Debian Linux, Mariadb and 4 more | 2026-06-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. | |||||
| CVE-2013-5870 | 3 Hp, Oracle, Redhat | 11 Hp-ux, Jdk, Jre and 8 more | 2026-06-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | |||||
| CVE-2013-5843 | 2 Oracle, Redhat | 8 Javafx, Jdk, Jre and 5 more | 2026-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | |||||