Summary
| Detail | |||
|---|---|---|---|
| Vendor | Redhat | First view | 2002-12-11 |
| Product | Enterprise Linux | Last view | 2015-08-14 |
| Version | 2.1 | Type | Os |
| Update | * | ||
| Edition | workstation | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:redhat:enterprise_linux | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2015-08-14 | CVE-2015-1819 | The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. |
| 8.5 | 2007-04-05 | CVE-2007-1351 | Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. |
| 5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
| 10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
| 5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
| 2.6 | 2005-12-31 | CVE-2005-1918 | The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". |
| 7.5 | 2005-06-13 | CVE-2005-1760 | sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. |
| 4.6 | 2005-05-04 | CVE-2005-1194 | Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287. |
| 5 | 2005-05-02 | CVE-2005-1061 | The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS." |
| 3.7 | 2005-05-02 | CVE-2005-0988 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. |
| 4.6 | 2005-05-02 | CVE-2005-0078 | The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. |
| 7.5 | 2005-04-27 | CVE-2005-0206 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. |
| 7.5 | 2005-04-14 | CVE-2004-1176 | Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| 7.5 | 2005-04-14 | CVE-2004-1175 | fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. |
| 5 | 2005-04-14 | CVE-2004-1174 | direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." |
| 5 | 2005-04-14 | CVE-2004-1093 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." |
| 5 | 2005-04-14 | CVE-2004-1092 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. |
| 5 | 2005-04-14 | CVE-2004-1091 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. |
| 5 | 2005-04-14 | CVE-2004-1090 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." |
| 5 | 2005-04-14 | CVE-2004-1009 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. |
| 7.5 | 2005-04-14 | CVE-2004-1005 | Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. |
| 7.5 | 2005-04-14 | CVE-2004-1004 | Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. |
| 5 | 2005-03-15 | CVE-2005-0384 | Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client. |
| 7.5 | 2005-03-08 | CVE-2005-0699 | Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values. |
| 5.1 | 2005-03-07 | CVE-2005-0667 | Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (3) | CWE-399 | Resource Management Errors |
| 33% (2) | CWE-189 | Numeric Errors |
| 16% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-6 | Argument Injection |
| CAPEC-15 | Command Delimiters |
| CAPEC-79 | Using Slashes in Alternate Encoding |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 73493 | libpng pngerror.c png_format_buffer() Off-by-one PNG Image Handling Remote DoS |
| 55381 | GNU libc (glibc) getifaddrs Function Netlink Interface Spoofed Message Local DoS |
| 44330 | CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow |
| 34918 | X.Org X11 libXfont bdfReadCharacters Function BDF Font Handling Overflow |
| 34917 | FreeType bdfReadCharacters Function BDF Font Handling Overflow |
| 22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
| 22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
| 22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
| 17302 | Red Hat sysreport up2date Proxy Password Cleartext Disclosure |
| 16894 | Xpdf Integer Overflow Patch 64 Bit Architecture Failure |
| 16440 | Multiple Unix Vendor Hyper-Threading (HTT) Arbitrary Thread Process Informati... |
| 16088 | NASM ieee_putascii() Function ASM File Overflow |
| 15708 | Red Hat logwatch secure Log Parsing DoS |
| 15487 | gzip Race Condition Arbitrary File Permission Modification |
| 15382 | Mozilla Multiple Malformed HTML Tag Null Dereference DoS |
| 14810 | Linux Kernel Malformed PPP Packet Remote DoS |
| 14612 | Ethereal 3GPP2 A11 Dissector dissect_a11_radius() Function Overflow |
| 14570 | Sylpheed Message Header Processing Overflow |
| 13897 | Linux kernel VM_IO DoS |
| 13204 | KDE Screensaver Crash Local Bypass |
| 13149 | Xpdf Multiple Unspecified Remote Overflows |
| 12911 | Midnight Commander Unspecified Underflow DoS |
| 12910 | Midnight Commander Insecure Filename Quoting Arbitrary Command Execution |
| 12909 | Midnight Commander Nonexistent File Descriptor Handling DoS |
| 12908 | Midnight Commander Unspecified Freed Memory DoS |
ExploitDB Exploits
| id | Description |
|---|---|
| 24259 | Ethereal 0.x Multiple Unspecified iSNS, SMB and SNMP Protocol Dissector Vulne... |
| 718 | Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-09-10 | Name : Slackware Advisory SSA:2011-210-01 libpng File : nvt/esoft_slk_ssa_2011_210_01.nasl |
| 2012-07-09 | Name : RedHat Update for libpng RHSA-2011:1105-01 File : nvt/gb_RHSA-2011_1105-01_libpng.nasl |
| 2012-04-11 | Name : Fedora Update for libpng10 FEDORA-2012-5079 File : nvt/gb_fedora_2012_5079_libpng10_fc15.nasl |
| 2012-04-02 | Name : Fedora Update for libpng10 FEDORA-2012-3536 File : nvt/gb_fedora_2012_3536_libpng10_fc15.nasl |
| 2012-03-07 | Name : Fedora Update for libpng10 FEDORA-2012-2008 File : nvt/gb_fedora_2012_2008_libpng10_fc15.nasl |
| 2011-10-21 | Name : Mandriva Update for libpng MDVSA-2011:151 (libpng) File : nvt/gb_mandriva_MDVSA_2011_151.nasl |
| 2011-08-02 | Name : Fedora Update for libpng FEDORA-2011-9336 File : nvt/gb_fedora_2011_9336_libpng_fc14.nasl |
| 2011-07-27 | Name : Fedora Update for libpng10 FEDORA-2011-8844 File : nvt/gb_fedora_2011_8844_libpng10_fc15.nasl |
| 2011-07-27 | Name : Fedora Update for libpng10 FEDORA-2011-8867 File : nvt/gb_fedora_2011_8867_libpng10_fc14.nasl |
| 2011-07-22 | Name : Fedora Update for libpng FEDORA-2011-9343 File : nvt/gb_fedora_2011_9343_libpng_fc15.nasl |
| 2011-07-18 | Name : Fedora Update for mingw32-libpng FEDORA-2011-8868 File : nvt/gb_fedora_2011_8868_mingw32-libpng_fc14.nasl |
| 2011-07-18 | Name : Fedora Update for mingw32-libpng FEDORA-2011-8874 File : nvt/gb_fedora_2011_8874_mingw32-libpng_fc15.nasl |
| 2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5010817.nasl |
| 2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5010966.nasl |
| 2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5011171.nasl |
| 2009-10-10 | Name : SLES9: Security update for Midnight Commander File : nvt/sles9p5011441.nasl |
| 2009-10-10 | Name : SLES9: Security update for kdelibs3 File : nvt/sles9p5011912.nasl |
| 2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5012017.nasl |
| 2009-10-10 | Name : SLES9: Security update for freetype2 File : nvt/sles9p5013340.nasl |
| 2009-10-10 | Name : SLES9: Security update for gnome-vfs2,gnome-vfs2-doc File : nvt/sles9p5014116.nasl |
| 2009-10-10 | Name : SLES9: Security update for imlib File : nvt/sles9p5014360.nasl |
| 2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5014529.nasl |
| 2009-10-10 | Name : SLES9: Security update for gnome-vfs File : nvt/sles9p5014621.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-01-17 | Mozilla Firefox buffer overflow attempt RuleID : 45172 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2018-01-17 | Mozilla Firefox buffer overflow attempt RuleID : 45171 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2014-01-10 | Microsoft Windows Bitmap width integer overflow multipacket attempt RuleID : 3634 - Type : WEB-CLIENT - Revision : 9 |
| 2014-01-10 | Microsoft Windows Bitmap width integer overflow attempt RuleID : 3632 - Type : FILE-IMAGE - Revision : 25 |
| 2015-10-01 | Microsoft Windows Bitmap width integer overflow attempt RuleID : 35848 - Type : FILE-IMAGE - Revision : 3 |
| 2014-01-10 | RADIUS ATTR_TYPE_STR overflow attempt RuleID : 3541 - Type : SERVER-OTHER - Revision : 7 |
| 2014-01-10 | RADIUS registration vendor ATTR_TYPE_STR overflow attempt RuleID : 3540 - Type : SERVER-OTHER - Revision : 7 |
| 2014-01-10 | RADIUS MSID overflow attempt RuleID : 3539 - Type : SERVER-OTHER - Revision : 7 |
| 2014-01-10 | RADIUS registration MSID overflow attempt RuleID : 3538 - Type : SERVER-OTHER - Revision : 7 |
| 2014-01-10 | Infinity CGI exploit scanner nph-exploitscanget.cgi access RuleID : 2222-community - Type : SERVER-WEBAPP - Revision : 20 |
| 2014-01-10 | Infinity CGI exploit scanner nph-exploitscanget.cgi access RuleID : 2222 - Type : SERVER-WEBAPP - Revision : 20 |
| 2014-01-10 | Metamail header length exploit attempt RuleID : 22115 - Type : SERVER-MAIL - Revision : 6 |
| 2014-01-10 | Metamail header length exploit attempt RuleID : 22114 - Type : SERVER-MAIL - Revision : 6 |
| 2014-01-10 | Metamail header length exploit attempt RuleID : 22113 - Type : SERVER-MAIL - Revision : 6 |
| 2014-01-10 | Metamail format string exploit attempt RuleID : 22112 - Type : SERVER-MAIL - Revision : 5 |
| 2014-01-10 | Metamail format string exploit attempt RuleID : 22111 - Type : SERVER-MAIL - Revision : 5 |
| 2014-01-10 | Metamail format string exploit attempt RuleID : 22110 - Type : SERVER-MAIL - Revision : 4 |
| 2014-01-10 | SMB client TRANS response ring0 remote code execution attempt RuleID : 16531 - Type : NETBIOS - Revision : 11 |
| 2014-01-10 | Samba unicode filename buffer overflow attempt RuleID : 15986 - Type : SERVER-SAMBA - Revision : 8 |
| 2014-01-10 | Samba wildcard filename matching denial of service attempt RuleID : 15581 - Type : SERVER-SAMBA - Revision : 5 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-01-17 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-37.nasl - Type: ACT_GATHER_INFO |
| 2016-04-01 | Name: The remote device is affected by multiple vulnerabilities. File: appletv_9_2.nasl - Type: ACT_GATHER_INFO |
| 2016-03-22 | Name: The remote Mac OS X host is affected by multiple vulnerabilities. File: macosx_10_11_4.nasl - Type: ACT_GATHER_INFO |
| 2016-03-22 | Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File: macosx_SecUpd2016-002.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-037f844d3e.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-c24af963a2.nasl - Type: ACT_GATHER_INFO |
| 2016-01-25 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-32.nasl - Type: ACT_GATHER_INFO |
| 2016-01-12 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-0030-1.nasl - Type: ACT_GATHER_INFO |
| 2016-01-12 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-0049-1.nasl - Type: ACT_GATHER_INFO |
| 2015-12-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3430.nasl - Type: ACT_GATHER_INFO |
| 2015-12-29 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-959.nasl - Type: ACT_GATHER_INFO |
| 2015-12-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20151207_libxml2_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2015-12-15 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-628.nasl - Type: ACT_GATHER_INFO |
| 2015-12-08 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2015-2550.nasl - Type: ACT_GATHER_INFO |
| 2015-12-08 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2015-2550.nasl - Type: ACT_GATHER_INFO |
| 2015-12-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-2550.nasl - Type: ACT_GATHER_INFO |
| 2015-11-17 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2812-1.nasl - Type: ACT_GATHER_INFO |
| 2015-08-04 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20150722_libxml2_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2015-07-31 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2015-0097.nasl - Type: ACT_GATHER_INFO |
| 2015-07-30 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2015-1419.nasl - Type: ACT_GATHER_INFO |
| 2015-07-28 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2015-1419.nasl - Type: ACT_GATHER_INFO |
| 2015-07-23 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1419.nasl - Type: ACT_GATHER_INFO |
| 2015-07-08 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201507-08.nasl - Type: ACT_GATHER_INFO |
| 2015-07-06 | Name: The remote Debian host is missing a security update. File: debian_DLA-266.nasl - Type: ACT_GATHER_INFO |
| 2015-07-02 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_9c7177ff1fe111e59a01bcaec565249c.nasl - Type: ACT_GATHER_INFO |
