Filtered by vendor Redhat
Total: 5945 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2164 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2026-06-16 | 2.1 LOW | N/A |
| The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. | |||||
| CVE-2013-2152 | 1 Redhat | 1 Enterprise Virtualization | 2026-06-16 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. | |||||
| CVE-2013-2151 | 1 Redhat | 1 Enterprise Virtualization | 2026-06-16 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. | |||||
| CVE-2013-2144 | 1 Redhat | 1 Enterprise Virtualization Manager | 2026-06-16 | 5.0 MEDIUM | N/A |
| Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot. | |||||
| CVE-2013-2143 | 2 Redhat, Theforeman | 2 Network Satellite, Katello | 2026-06-16 | 6.5 MEDIUM | N/A |
| The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. | |||||
| CVE-2013-2133 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2026-06-16 | 5.5 MEDIUM | N/A |
| The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. | |||||
| CVE-2013-2121 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2026-06-16 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. | |||||
| CVE-2013-2119 | 3 Phusion, Redhat, Ruby-lang | 3 Passenger, Openshift, Ruby | 2026-06-16 | 4.6 MEDIUM | N/A |
| Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem. | |||||
| CVE-2013-2113 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2026-06-16 | 6.0 MEDIUM | N/A |
| The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role. | |||||
| CVE-2013-2103 | 1 Redhat | 1 Openshift | 2026-06-16 | 5.5 MEDIUM | 8.1 HIGH |
| OpenShift cartridge allows remote URL retrieval | |||||
| CVE-2013-2102 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2026-06-16 | 3.3 LOW | N/A |
| The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service. | |||||
| CVE-2013-2101 | 2 Redhat, Theforeman | 2 Satellite, Katello | 2026-06-16 | 3.5 LOW | 5.4 MEDIUM |
| Katello has multiple XSS issues in various entities | |||||
| CVE-2013-2069 | 1 Redhat | 1 Livecd-tools | 2026-06-16 | 7.2 HIGH | N/A |
| Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges. | |||||
| CVE-2013-2068 | 1 Redhat | 1 Cloudforms Management Engine | 2026-06-16 | 9.4 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method. | |||||
| CVE-2013-2060 | 1 Redhat | 1 Openshift | 2026-06-16 | 10.0 HIGH | 9.8 CRITICAL |
| The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | |||||
| CVE-2013-2056 | 1 Redhat | 1 Satellite | 2026-06-16 | 5.0 MEDIUM | N/A |
| The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call. | |||||
| CVE-2013-2051 | 1 Redhat | 1 Enterprise Linux | 2026-06-16 | 2.6 LOW | N/A |
| The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887. | |||||
| CVE-2013-2050 | 1 Redhat | 2 Cloudforms Management Engine, Manageiq Enterprise Virtualization Manager | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action. | |||||
| CVE-2013-2049 | 1 Redhat | 1 Cloudforms Management Engine | 2026-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. | |||||
| CVE-2013-2035 | 1 Redhat | 1 Hawtjni | 2026-06-16 | 4.4 MEDIUM | N/A |
| Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp. | |||||
