This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 1996-07-16
Product Enterprise Linux Desktop Last view 2012-06-15
Version 4.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux_desktop

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.3 2012-06-15 CVE-2011-3193

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

2.1 2008-08-08 CVE-2008-3272

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.

4.7 2008-06-30 CVE-2008-2365

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.

4.3 2007-12-03 CVE-2006-7226

Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).

6.2 2007-07-15 CVE-2007-3103

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

8.5 2007-04-05 CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

10 2007-02-20 CVE-2007-1007

Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.

7.2 2007-01-30 CVE-2006-5753

Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.

10 2006-12-07 CVE-2006-6235

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

4.6 2005-12-22 CVE-2005-3631

udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords.

2.1 2005-10-25 CVE-2005-2100

The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).

10 2005-09-06 CVE-2005-2700

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

7.5 2005-06-13 CVE-2005-1760

sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.

4.6 2005-05-04 CVE-2005-1194

Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.

3.7 2005-05-02 CVE-2005-0988

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

7.5 2005-05-02 CVE-2005-0337

Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.

2.1 2005-05-02 CVE-2005-0207

Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

7.2 2005-05-02 CVE-2005-0091

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls.

2.1 2005-05-02 CVE-2005-0090

A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).

2.1 2005-05-02 CVE-2005-0077

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

6.9 2005-05-02 CVE-2005-0001

Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.

6.2 2005-04-14 CVE-2004-1235

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

CWE : Common Weakness Enumeration

%idName
22% (2) CWE-399 Resource Management Errors
22% (2) CWE-189 Numeric Errors
11% (1) CWE-787 Out-of-bounds Write
11% (1) CWE-362 Race Condition
11% (1) CWE-264 Permissions, Privileges, and Access Controls
11% (1) CWE-200 Information Exposure
11% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
75652 Qt src/3rdparty/harfbuzz/src/harfbuzz-gpos.c Font Handling Overflow
48563 Linux Kernel ptrace / utrace Support PTRACE_ATTACH Call Handling Local DoS
47362 Linux Kernel snd_seq_oss_synth_make_info() Function Local Information Disclosure
40945 X.Org X Font Server (xfs) init.d Symlink Arbitrary File Permission Modification
40755 Perl-Compatible Regular Expression (PCRE) Compiled Memory Allocation Miscalcu...
34918 X.Org X11 libXfont bdfReadCharacters Function BDF Font Handling Overflow
34917 FreeType bdfReadCharacters Function BDF Font Handling Overflow
33020 Linux Kernel listxattr System Call Unspecified Memory Corruption
32083 GnomeMeeting gnomemeeting_log_insert name Variable Format String
31832 GnuPG OpenPGP Packet Decryption Overflow
22509 IGMP Spoofed Membership Report DoS
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
22001 Red Hat Linux udev /dev/input Permission Weakness Information Disclosure
20424 Red Hat Enterprise Linux Kernel usercopy.c rw_vm() Function Local Overflow DoS
19188 Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction B...
17302 Red Hat sysreport up2date Proxy Password Cleartext Disclosure
16440 Multiple Unix Vendor Hyper-Threading (HTT) Arbitrary Thread Process Informati...
16088 NASM ieee_putascii() Function ASM File Overflow
15487 gzip Race Condition Arbitrary File Permission Modification
15417 Red Hat Linux 4GB Split Patch access check Regression Error Local DoS
15416 Red Hat Linux 4GB Split Patch Unspecified Kernel Memory Read/Write
15415 Red Hat Linux 4GB Split Patch Unspecified hugemem Local DoS
15214 Linux Kernel NFS Client O_DIRECT DoS

ExploitDB Exploits

id Description
5167 X.Org xorg-x11-xfs <= 1.0.2-3.1 - Local Race Condition Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-07-30 Name : CentOS Update for qt4 CESA-2011:1324 centos5 x86_64
File : nvt/gb_CESA-2011_1324_qt4_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for evolution28-pango CESA-2011:1325 centos4 x86_64
File : nvt/gb_CESA-2011_1325_evolution28-pango_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for pango CESA-2011:1326 centos5 x86_64
File : nvt/gb_CESA-2011_1326_pango_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for frysk CESA-2011:1327 centos4 x86_64
File : nvt/gb_CESA-2011_1327_frysk_centos4_x86_64.nasl
2012-07-16 Name : Ubuntu Update for qt4-x11 USN-1504-1
File : nvt/gb_ubuntu_USN_1504_1.nasl
2012-07-09 Name : RedHat Update for qt RHSA-2011:1323-01
File : nvt/gb_RHSA-2011_1323-01_qt.nasl
2011-09-23 Name : CentOS Update for qt4 CESA-2011:1324 centos5 i386
File : nvt/gb_CESA-2011_1324_qt4_centos5_i386.nasl
2011-09-23 Name : CentOS Update for evolution28-pango CESA-2011:1325 centos4 i386
File : nvt/gb_CESA-2011_1325_evolution28-pango_centos4_i386.nasl
2011-09-23 Name : CentOS Update for pango CESA-2011:1326 centos5 i386
File : nvt/gb_CESA-2011_1326_pango_centos5_i386.nasl
2011-09-23 Name : CentOS Update for frysk CESA-2011:1327 centos4 i386
File : nvt/gb_CESA-2011_1327_frysk_centos4_i386.nasl
2011-09-23 Name : RedHat Update for qt4 RHSA-2011:1324-01
File : nvt/gb_RHSA-2011_1324-01_qt4.nasl
2011-09-23 Name : RedHat Update for evolution28-pango RHSA-2011:1325-01
File : nvt/gb_RHSA-2011_1325-01_evolution28-pango.nasl
2011-09-23 Name : RedHat Update for pango RHSA-2011:1326-01
File : nvt/gb_RHSA-2011_1326-01_pango.nasl
2011-09-23 Name : RedHat Update for frysk RHSA-2011:1327-01
File : nvt/gb_RHSA-2011_1327-01_frysk.nasl
2010-05-12 Name : Mac OS X Security Update 2009-001
File : nvt/macosx_secupd_2009-001.nasl
2010-02-03 Name : Solaris Update for CDE 1.6 119280-22
File : nvt/gb_solaris_119280_22.nasl
2010-02-03 Name : Solaris Update for Runtime library for Solaris 10 119281-22
File : nvt/gb_solaris_119281_22.nasl
2010-02-03 Name : Solaris Update for Apache 1.3 122911-19
File : nvt/gb_solaris_122911_19.nasl
2010-02-03 Name : Solaris Update for Apache 1.3 122912-19
File : nvt/gb_solaris_122912_19.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : Solaris Update for Apache 1.3 122911-17
File : nvt/gb_solaris_122911_17.nasl
2009-10-13 Name : Solaris Update for Apache 1.3 122912-17
File : nvt/gb_solaris_122912_17.nasl
2009-10-13 Name : SLES10: Security update for Linux Kernel (x86)
File : nvt/sles10_kernel7.nasl
2009-10-10 Name : SLES9: Security update for perl-DBI
File : nvt/sles9p5010763.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5011429.nasl

Snort® IPS/IDS

Date Description
2019-08-31 Postfix IPv6 Relaying Security Issue
RuleID : 50859 - Type : SERVER-MAIL - Revision : 1
2014-01-10 RADIUS ATTR_TYPE_STR overflow attempt
RuleID : 3541 - Type : SERVER-OTHER - Revision : 7
2014-01-10 RADIUS registration vendor ATTR_TYPE_STR overflow attempt
RuleID : 3540 - Type : SERVER-OTHER - Revision : 7
2014-01-10 RADIUS MSID overflow attempt
RuleID : 3539 - Type : SERVER-OTHER - Revision : 7
2014-01-10 RADIUS registration MSID overflow attempt
RuleID : 3538 - Type : SERVER-OTHER - Revision : 7

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-117.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2008-2006.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_libQtWebKit-devel-110908.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_libQtWebKit-devel-110908.nasl - Type: ACT_GATHER_INFO
2013-11-25 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201311-14.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2006-0754.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0014.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2007-0086.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0125.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0126.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0132.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0150.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0519.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0520.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-1059.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-1068.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0508.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0885.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0972.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-1323.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-1324.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-1325.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-1326.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2011-1327.nasl - Type: ACT_GATHER_INFO
2013-06-29 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2007-1068.nasl - Type: ACT_GATHER_INFO