Summary
Detail | |||
---|---|---|---|
Vendor | Redhat | First view | 1996-07-16 |
Product | Enterprise Linux | Last view | 2015-08-14 |
Version | 4.0 | Type | Os |
Update | * | ||
Edition | workstation | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:redhat:enterprise_linux |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5 | 2015-08-14 | CVE-2015-1819 | The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. |
8.5 | 2007-04-05 | CVE-2007-1351 | Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. |
10 | 2007-02-20 | CVE-2007-1007 | Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. |
7.2 | 2007-01-30 | CVE-2006-5753 | Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors. |
10 | 2006-12-07 | CVE-2006-6235 | A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. |
7.2 | 2005-12-31 | CVE-2005-3629 | initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors. |
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
4.6 | 2005-12-22 | CVE-2005-3631 | udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords. |
2.1 | 2005-10-25 | CVE-2005-2100 | The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash). |
10 | 2005-09-06 | CVE-2005-2700 | ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. |
7.5 | 2005-06-13 | CVE-2005-1760 | sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. |
4.6 | 2005-05-04 | CVE-2005-1194 | Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287. |
2.1 | 2005-05-02 | CVE-2005-1038 | crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. |
3.7 | 2005-05-02 | CVE-2005-0988 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. |
7.5 | 2005-05-02 | CVE-2005-0337 | Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname. |
2.1 | 2005-05-02 | CVE-2005-0207 | Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT. |
7.2 | 2005-05-02 | CVE-2005-0091 | Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls. |
2.1 | 2005-05-02 | CVE-2005-0090 | A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash). |
2.1 | 2005-05-02 | CVE-2005-0077 | The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. |
6.9 | 2005-05-02 | CVE-2005-0001 | Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion. |
6.2 | 2005-04-14 | CVE-2004-1235 | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. |
7.2 | 2005-03-27 | CVE-2005-0750 | The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. |
5 | 2005-03-14 | CVE-2005-0473 | The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (3) | CWE-399 | Resource Management Errors |
33% (2) | CWE-189 | Numeric Errors |
16% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
34918 | X.Org X11 libXfont bdfReadCharacters Function BDF Font Handling Overflow |
34917 | FreeType bdfReadCharacters Function BDF Font Handling Overflow |
33020 | Linux Kernel listxattr System Call Unspecified Memory Corruption |
32083 | GnomeMeeting gnomemeeting_log_insert name Variable Format String |
31832 | GnuPG OpenPGP Packet Decryption Overflow |
23741 | Red Hat Linux initscripts Variable Manipulation Privilege Escalation |
22509 | IGMP Spoofed Membership Report DoS |
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
22001 | Red Hat Linux udev /dev/input Permission Weakness Information Disclosure |
20424 | Red Hat Enterprise Linux Kernel usercopy.c rw_vm() Function Local Overflow DoS |
19188 | Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction B... |
17302 | Red Hat sysreport up2date Proxy Password Cleartext Disclosure |
16440 | Multiple Unix Vendor Hyper-Threading (HTT) Arbitrary Thread Process Informati... |
16088 | NASM ieee_putascii() Function ASM File Overflow |
15487 | gzip Race Condition Arbitrary File Permission Modification |
15417 | Red Hat Linux 4GB Split Patch access check Regression Error Local DoS |
15416 | Red Hat Linux 4GB Split Patch Unspecified Kernel Memory Read/Write |
15415 | Red Hat Linux 4GB Split Patch Unspecified hugemem Local DoS |
15352 | Vixie Cron crontab -e Option Arbitrary Cron File Disclosure |
15214 | Linux Kernel NFS Client O_DIRECT DoS |
15084 | Linux Kernel bluez_sock_create() Local Underflow |
14777 | Linux Kernel sys_epoll_wait() Function Local Overflow |
14776 | IPsec-Tools racoon Daemon ISAKMP Header Parsing Remote DoS |
OpenVAS Exploits
id | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2010-02-03 | Name : Solaris Update for Runtime library for Solaris 10 119281-22 File : nvt/gb_solaris_119281_22.nasl |
2010-02-03 | Name : Solaris Update for Apache 1.3 122911-19 File : nvt/gb_solaris_122911_19.nasl |
2010-02-03 | Name : Solaris Update for CDE 1.6 119280-22 File : nvt/gb_solaris_119280_22.nasl |
2010-02-03 | Name : Solaris Update for Apache 1.3 122912-19 File : nvt/gb_solaris_122912_19.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for Apache 1.3 122911-17 File : nvt/gb_solaris_122911_17.nasl |
2009-10-13 | Name : Solaris Update for Apache 1.3 122912-17 File : nvt/gb_solaris_122912_17.nasl |
2009-10-10 | Name : SLES9: Security update for perl-DBI File : nvt/sles9p5010763.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5011429.nasl |
2009-10-10 | Name : SLES9: Security update for freetype2 File : nvt/sles9p5013340.nasl |
2009-10-10 | Name : SLES9: Security update for apache2,apache2-prefork,apache2-worker File : nvt/sles9p5013454.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel core File : nvt/sles9p5014380.nasl |
2009-10-10 | Name : SLES9: Security update for XFree86-libs File : nvt/sles9p5016773.nasl |
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5016846.nasl |
2009-10-10 | Name : SLES9: Security update for gpg File : nvt/sles9p5017544.nasl |
2009-10-10 | Name : SLES9: Security update for some XFree86 modules File : nvt/sles9p5021116.nasl |
2009-10-10 | Name : SLES9: Security update for Apache2 File : nvt/sles9p5021652.nasl |
2009-09-23 | Name : Solaris Update for Apache 1.3 122912-16 File : nvt/gb_solaris_122912_16.nasl |
2009-09-23 | Name : Solaris Update for Apache 1.3 122911-16 File : nvt/gb_solaris_122911_16.nasl |
2009-06-03 | Name : Solaris Update for Apache 1.3 122912-15 File : nvt/gb_solaris_122912_15.nasl |
2009-06-03 | Name : Solaris Update for SunFreeware gzip 120719-02 File : nvt/gb_solaris_120719_02.nasl |
2009-06-03 | Name : Solaris Update for Apache 1.3 122911-15 File : nvt/gb_solaris_122911_15.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX01232 File : nvt/gb_hp_ux_HPSBUX01232.nasl |
2009-04-09 | Name : Mandriva Update for xorg-x11 MDKSA-2007:079-1 (xorg-x11) File : nvt/gb_mandriva_MDKSA_2007_079_1.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2019-08-31 | Postfix IPv6 Relaying Security Issue RuleID : 50859 - Type : SERVER-MAIL - Revision : 1 |
2014-01-10 | RADIUS ATTR_TYPE_STR overflow attempt RuleID : 3541 - Type : SERVER-OTHER - Revision : 7 |
2014-01-10 | RADIUS registration vendor ATTR_TYPE_STR overflow attempt RuleID : 3540 - Type : SERVER-OTHER - Revision : 7 |
2014-01-10 | RADIUS MSID overflow attempt RuleID : 3539 - Type : SERVER-OTHER - Revision : 7 |
2014-01-10 | RADIUS registration MSID overflow attempt RuleID : 3538 - Type : SERVER-OTHER - Revision : 7 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-01-17 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-37.nasl - Type: ACT_GATHER_INFO |
2016-04-01 | Name: The remote device is affected by multiple vulnerabilities. File: appletv_9_2.nasl - Type: ACT_GATHER_INFO |
2016-03-22 | Name: The remote Mac OS X host is affected by multiple vulnerabilities. File: macosx_10_11_4.nasl - Type: ACT_GATHER_INFO |
2016-03-22 | Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File: macosx_SecUpd2016-002.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-037f844d3e.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-c24af963a2.nasl - Type: ACT_GATHER_INFO |
2016-01-25 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-32.nasl - Type: ACT_GATHER_INFO |
2016-01-12 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-0030-1.nasl - Type: ACT_GATHER_INFO |
2016-01-12 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-0049-1.nasl - Type: ACT_GATHER_INFO |
2015-12-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3430.nasl - Type: ACT_GATHER_INFO |
2015-12-29 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-959.nasl - Type: ACT_GATHER_INFO |
2015-12-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20151207_libxml2_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
2015-12-15 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-628.nasl - Type: ACT_GATHER_INFO |
2015-12-08 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2015-2550.nasl - Type: ACT_GATHER_INFO |
2015-12-08 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2015-2550.nasl - Type: ACT_GATHER_INFO |
2015-12-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-2550.nasl - Type: ACT_GATHER_INFO |
2015-11-17 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2812-1.nasl - Type: ACT_GATHER_INFO |
2015-08-04 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20150722_libxml2_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2015-07-31 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2015-0097.nasl - Type: ACT_GATHER_INFO |
2015-07-30 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2015-1419.nasl - Type: ACT_GATHER_INFO |
2015-07-28 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2015-1419.nasl - Type: ACT_GATHER_INFO |
2015-07-23 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1419.nasl - Type: ACT_GATHER_INFO |
2015-07-08 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201507-08.nasl - Type: ACT_GATHER_INFO |
2015-07-06 | Name: The remote Debian host is missing a security update. File: debian_DLA-266.nasl - Type: ACT_GATHER_INFO |
2015-07-02 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_9c7177ff1fe111e59a01bcaec565249c.nasl - Type: ACT_GATHER_INFO |