This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2002-12-31
Product Enterprise Linux Desktop Last view 2009-08-18
Version 3.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux_desktop

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.9 2009-08-18 CVE-2009-2848

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

4.9 2008-05-07 CVE-2007-5001

Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.

8.5 2007-04-05 CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

5 2007-03-29 CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

10 2007-02-20 CVE-2007-1007

Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.

10 2006-12-07 CVE-2006-6235

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

4.6 2006-07-27 CVE-2006-2933

kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.

5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

2.6 2005-12-31 CVE-2005-1918

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

10 2005-09-06 CVE-2005-2700

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

7.2 2005-09-01 CVE-2005-0403

init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure.

5 2005-08-05 CVE-2005-1268

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

7.5 2005-06-13 CVE-2005-1760

sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.

2.1 2005-05-18 CVE-2005-0757

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.

4.6 2005-05-04 CVE-2005-1194

Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.

3.7 2005-05-02 CVE-2005-0988

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

7.5 2005-05-02 CVE-2005-0086

Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale.

4.6 2005-05-02 CVE-2005-0078

The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.

6.9 2005-05-02 CVE-2005-0001

Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.

7.5 2005-04-27 CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

2.1 2005-04-14 CVE-2005-0003

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

2.1 2005-04-14 CVE-2004-1237

Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.

6.2 2005-04-14 CVE-2004-1235

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

CWE : Common Weakness Enumeration

%idName
27% (3) CWE-399 Resource Management Errors
18% (2) CWE-415 Double Free
18% (2) CWE-189 Numeric Errors
9% (1) CWE-269 Improper Privilege Management
9% (1) CWE-193 Off-by-one Error
9% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
9% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
73493 libpng pngerror.c png_format_buffer() Off-by-one PNG Image Handling Remote DoS
57264 Linux Kernel execve Function current->clear_child_tid Pointer Handling Loc...
44987 Linux Kernel FIFO Special File Asynchronous Input / Output Local DoS
44330 CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow
34918 X.Org X11 libXfont bdfReadCharacters Function BDF Font Handling Overflow
34917 FreeType bdfReadCharacters Function BDF Font Handling Overflow
34541 mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remot...
34540 mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
32083 GnomeMeeting gnomemeeting_log_insert name Variable Format String
31832 GnuPG OpenPGP Packet Decryption Overflow
28550 Red Hat Linux KDE kdesktop_lock Termination Failure
22509 IGMP Spoofed Membership Report DoS
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
19188 Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction B...
18286 Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
17302 Red Hat sysreport up2date Proxy Password Cleartext Disclosure
16894 Xpdf Integer Overflow Patch 64 Bit Architecture Failure
16687 Red Hat xattr File System Local DoS
16440 Multiple Unix Vendor Hyper-Threading (HTT) Arbitrary Thread Process Informati...
16088 NASM ieee_putascii() Function ASM File Overflow
15808 Red Hat Linux Kernel NPTL tty DoS
15487 gzip Race Condition Arbitrary File Permission Modification
15382 Mozilla Multiple Malformed HTML Tag Null Dereference DoS

ExploitDB Exploits

id Description
374 SoX Local Buffer Overflow Exploiter (Via Crafted WAV File)

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-09-10 Name : Slackware Advisory SSA:2011-210-01 libpng
File : nvt/esoft_slk_ssa_2011_210_01.nasl
2012-07-09 Name : RedHat Update for libpng RHSA-2011:1105-01
File : nvt/gb_RHSA-2011_1105-01_libpng.nasl
2012-04-11 Name : Fedora Update for libpng10 FEDORA-2012-5079
File : nvt/gb_fedora_2012_5079_libpng10_fc15.nasl
2012-04-02 Name : Fedora Update for libpng10 FEDORA-2012-3536
File : nvt/gb_fedora_2012_3536_libpng10_fc15.nasl
2012-03-07 Name : Fedora Update for libpng10 FEDORA-2012-2008
File : nvt/gb_fedora_2012_2008_libpng10_fc15.nasl
2011-10-21 Name : Mandriva Update for libpng MDVSA-2011:151 (libpng)
File : nvt/gb_mandriva_MDVSA_2011_151.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1243 centos5 i386
File : nvt/gb_CESA-2009_1243_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1438 centos4 i386
File : nvt/gb_CESA-2009_1438_kernel_centos4_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1550 centos3 i386
File : nvt/gb_CESA-2009_1550_kernel_centos3_i386.nasl
2011-08-02 Name : Fedora Update for libpng FEDORA-2011-9336
File : nvt/gb_fedora_2011_9336_libpng_fc14.nasl
2011-07-27 Name : Fedora Update for libpng10 FEDORA-2011-8844
File : nvt/gb_fedora_2011_8844_libpng10_fc15.nasl
2011-07-27 Name : Fedora Update for libpng10 FEDORA-2011-8867
File : nvt/gb_fedora_2011_8867_libpng10_fc14.nasl
2011-07-22 Name : Fedora Update for libpng FEDORA-2011-9343
File : nvt/gb_fedora_2011_9343_libpng_fc15.nasl
2011-07-18 Name : Fedora Update for mingw32-libpng FEDORA-2011-8868
File : nvt/gb_fedora_2011_8868_mingw32-libpng_fc14.nasl
2011-07-18 Name : Fedora Update for mingw32-libpng FEDORA-2011-8874
File : nvt/gb_fedora_2011_8874_mingw32-libpng_fc15.nasl
2010-05-12 Name : Mac OS X Security Update 2009-001
File : nvt/macosx_secupd_2009-001.nasl
2010-02-19 Name : SuSE Update for kernel SUSE-SA:2010:012
File : nvt/gb_suse_2010_012.nasl
2010-02-03 Name : Solaris Update for CDE 1.6 119280-22
File : nvt/gb_solaris_119280_22.nasl
2010-02-03 Name : Solaris Update for Runtime library for Solaris 10 119281-22
File : nvt/gb_solaris_119281_22.nasl
2010-02-03 Name : Solaris Update for Apache 1.3 122911-19
File : nvt/gb_solaris_122911_19.nasl
2010-02-03 Name : Solaris Update for Apache 1.3 122912-19
File : nvt/gb_solaris_122912_19.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-11-17 Name : SLES10: Security update for Linux kernel
File : nvt/sles10_kernel9.nasl
2009-11-17 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5062456.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1550
File : nvt/RHSA_2009_1550.nasl

Snort® IPS/IDS

Date Description
2019-09-10 nfs-utils TCP connection termination denial-of-service attempt
RuleID : 50913 - Type : SERVER-OTHER - Revision : 1
2018-01-17 Mozilla Firefox buffer overflow attempt
RuleID : 45172 - Type : BROWSER-FIREFOX - Revision : 1
2018-01-17 Mozilla Firefox buffer overflow attempt
RuleID : 45171 - Type : BROWSER-FIREFOX - Revision : 1
2014-01-10 Microsoft Windows Bitmap width integer overflow multipacket attempt
RuleID : 3634 - Type : WEB-CLIENT - Revision : 9
2014-01-10 Microsoft Windows Bitmap width integer overflow attempt
RuleID : 3632 - Type : FILE-IMAGE - Revision : 25
2015-10-01 Microsoft Windows Bitmap width integer overflow attempt
RuleID : 35848 - Type : FILE-IMAGE - Revision : 3
2014-01-10 RADIUS ATTR_TYPE_STR overflow attempt
RuleID : 3541 - Type : SERVER-OTHER - Revision : 7
2014-01-10 RADIUS registration vendor ATTR_TYPE_STR overflow attempt
RuleID : 3540 - Type : SERVER-OTHER - Revision : 7
2014-01-10 RADIUS MSID overflow attempt
RuleID : 3539 - Type : SERVER-OTHER - Revision : 7
2014-01-10 RADIUS registration MSID overflow attempt
RuleID : 3538 - Type : SERVER-OTHER - Revision : 7
2014-01-10 Microsoft MSN Messenger png overflow
RuleID : 3130-community - Type : PUA-OTHER - Revision : 8
2014-01-10 Microsoft MSN Messenger png overflow
RuleID : 3130 - Type : PUA-OTHER - Revision : 8
2014-01-10 SMB client TRANS response ring0 remote code execution attempt
RuleID : 16531 - Type : NETBIOS - Revision : 11
2014-01-10 KAME racoon X509 certificate verification bypass attempt
RuleID : 16080 - Type : SERVER-OTHER - Revision : 6
2014-01-10 Samba unicode filename buffer overflow attempt
RuleID : 15986 - Type : SERVER-SAMBA - Revision : 8
2014-01-10 Samba wildcard filename matching denial of service attempt
RuleID : 15581 - Type : SERVER-SAMBA - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-03-03 Name: The remote host is missing a security-related patch.
File: vmware_VMSA-2009-0016_remote.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_perl-58_20131015.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2013-0039.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2006-0576.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2006-0754.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2007-0086.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0125.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0126.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0132.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0150.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0395.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0211.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-1438.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-1550.nasl - Type: ACT_GATHER_INFO
2013-06-29 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2009-1550.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0263.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0523.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2008-0627.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2009-1466.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO