This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2002-10-28
Product Linux Last view 2005-12-31
Version 7.3 Type Os
Update *  
Edition i386  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:linux

Activity : Overall

Related : CVE

  Date Alert Description
5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

4.6 2005-04-14 CVE-2005-0004

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

6.2 2005-04-14 CVE-2004-1235

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

7.2 2005-03-27 CVE-2005-0750

The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

10 2005-01-27 CVE-2004-0903

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

10 2005-01-27 CVE-2004-0902

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

10 2005-01-10 CVE-2004-1026

Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

10 2005-01-10 CVE-2004-1025

Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

10 2004-12-31 CVE-2004-0904

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

2.1 2004-12-15 CVE-2004-1335

Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.

2.1 2004-12-15 CVE-2004-1333

Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.

5 2004-10-18 CVE-2004-1613

Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

4.6 2004-09-14 CVE-2004-0905

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

10 2003-02-19 CVE-2003-0041

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

4.9 2002-12-31 CVE-2002-2185

The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.

5 2002-11-04 CVE-2002-1232

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

7.5 2002-10-28 CVE-2002-0836

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

CWE : Common Weakness Enumeration

%idName
66% (2) CWE-399 Resource Management Errors
33% (1) CWE-189 Numeric Errors

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-6 Argument Injection
CAPEC-15 Command Delimiters
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-88 OS Command Injection
CAPEC-108 Command Line Execution through SQL Injection

Open Source Vulnerability Database (OSVDB)

id Description
22509 IGMP Spoofed Membership Report DoS
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
15382 Mozilla Multiple Malformed HTML Tag Null Dereference DoS
15084 Linux Kernel bluez_sock_create() Local Underflow
14513 NIS ypserv ypdb_open Function Memory Consumption Remote DoS
13535 Linux Kernel ip_options_get Memory Leak DoS
13013 MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation
12843 Imlib Image Decoding Multiple Unspecified Overflows
12791 Linux Kernel sys_uselib Binary Format Loader Local Privilege Escalation
12479 Linux Kernel vc_resize() Function Local Overflow
10528 Mozilla Multiple Products Link non-ASCII Hostname Overflow
10527 Mozilla Multiple Products POP3 Response Overflow
10526 Mozilla Multiple Products Send Page Overflow
10525 Mozilla Multiple Products BMP Image Overflow
10524 Mozilla Multiple Products Javascript Drag and Drop XSS
9968 Mozilla Multiple Products nsMsgCompUtils.cpp Multiple Overflows
9966 Mozilla Multiple Products nsVCardObj.cpp writeGroup() Function Overflow
4898 Multiple Vendors FTP Client Pipe Character Arbitrary Code Execution
4526 teTeX dvips Command Execution

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-10-10 Name : SLES9: Security update for Linux kernel core
File : nvt/sles9p5014380.nasl
2009-10-10 Name : SLES9: Security update for Mozilla
File : nvt/sles9p5012017.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto...
File : nvt/glsa_200601_17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword)
File : nvt/glsa_200601_02.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200501-33 (mysql)
File : nvt/glsa_200501_33.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200501-19 (imlib2)
File : nvt/glsa_200501_19.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200412-03 (imlib)
File : nvt/glsa_200412_03.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-26 (Mozilla)
File : nvt/glsa_200409_26.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird5.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird4.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird3.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird0.nasl
2008-09-04 Name : FreeBSD Ports: mysql-scripts
File : nvt/freebsd_mysql-scripts.nasl
2008-09-04 Name : FreeBSD Ports: imlib
File : nvt/freebsd_imlib.nasl
2008-01-17 Name : Debian Security Advisory DSA 962-1 (pdftohtml)
File : nvt/deb_962_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1067-1 (kernel 2.4.16)
File : nvt/deb_1067_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 932-1 (xpdf)
File : nvt/deb_932_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-...
File : nvt/deb_1070_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1082-1 (kernel-2.4.17)
File : nvt/deb_1082_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 180-1 (nis)
File : nvt/deb_180_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 207-1 (tetex-bin)
File : nvt/deb_207_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 618-1 (imlib)
File : nvt/deb_618_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 628-1 (imlib2)
File : nvt/deb_628_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 647-1 (mysql)
File : nvt/deb_647_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 931-1 (xpdf)
File : nvt/deb_931_1.nasl

Snort® IPS/IDS

Date Description
2014-01-10 portmap ypserv request UDP
RuleID : 590-community - Type : PROTOCOL-RPC - Revision : 22
2014-01-10 portmap ypserv request UDP
RuleID : 590 - Type : PROTOCOL-RPC - Revision : 22
2018-01-17 Mozilla Firefox buffer overflow attempt
RuleID : 45172 - Type : BROWSER-FIREFOX - Revision : 1
2018-01-17 Mozilla Firefox buffer overflow attempt
RuleID : 45171 - Type : BROWSER-FIREFOX - Revision : 1
2014-01-10 Microsoft Windows Bitmap width integer overflow multipacket attempt
RuleID : 3634 - Type : WEB-CLIENT - Revision : 9
2014-01-10 Microsoft Windows Bitmap width integer overflow attempt
RuleID : 3632 - Type : FILE-IMAGE - Revision : 25
2015-10-01 Microsoft Windows Bitmap width integer overflow attempt
RuleID : 35848 - Type : FILE-IMAGE - Revision : 3
2014-01-10 ypserv maplist request TCP
RuleID : 2034-community - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 ypserv maplist request TCP
RuleID : 2034 - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 ypserv maplist request UDP
RuleID : 2033-community - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 ypserv maplist request UDP
RuleID : 2033 - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 portmap ypserv request TCP
RuleID : 1276-community - Type : PROTOCOL-RPC - Revision : 21
2014-01-10 portmap ypserv request TCP
RuleID : 1276 - Type : PROTOCOL-RPC - Revision : 21

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO
2012-01-18 Name: Arbitrary files could be read or overwritten via the remote database server.
File: mysql_client_symlink_attack.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1067.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1069.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1070.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1082.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-931.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-932.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-936.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-937.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-938.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-940.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-950.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-961.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-962.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-293.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-366.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-868.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2006-0101.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2006-0177.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2005-840.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2006-0140.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2006-0160.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2006-0163.nasl - Type: ACT_GATHER_INFO