Summary
| Detail | |||
|---|---|---|---|
| Vendor | Redhat | First view | 2003-07-24 |
| Product | Linux Advanced Workstation | Last view | 2008-05-23 |
| Version | 2.1 | Type | Os |
| Update | * | ||
| Edition | itanium | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:redhat:linux_advanced_workstation | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2008-05-23 | CVE-2008-1767 | Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. |
| 7.2 | 2007-10-11 | CVE-2007-5365 | Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. |
| 8.5 | 2007-04-05 | CVE-2007-1351 | Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. |
| 5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
| 10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
| 5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
| 2.6 | 2005-12-31 | CVE-2005-1918 | The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". |
| 5 | 2005-05-02 | CVE-2005-1061 | The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS." |
| 5 | 2004-10-18 | CVE-2004-1613 | Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. |
| 7.5 | 2003-07-24 | CVE-2003-0434 | Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 28% (2) | CWE-399 | Resource Management Errors |
| 28% (2) | CWE-189 | Numeric Errors |
| 28% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 14% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-6 | Argument Injection |
| CAPEC-15 | Command Delimiters |
| CAPEC-79 | Using Slashes in Alternate Encoding |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 45419 | libxslt XSL Style-sheet File Processing Arbitrary Code Execution |
| 41687 | Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Ove... |
| 34918 | X.Org X11 libXfont bdfReadCharacters Function BDF Font Handling Overflow |
| 34917 | FreeType bdfReadCharacters Function BDF Font Handling Overflow |
| 22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
| 22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
| 22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
| 15708 | Red Hat logwatch secure Log Parsing DoS |
| 15382 | Mozilla Multiple Malformed HTML Tag Null Dereference DoS |
| 9293 | Multiple PDF Viewers Embedded Hyperlink Shell Metacharacter Command Execution |
| 9063 | GNU tar Extraction Arbitrary File Overwrite |
ExploitDB Exploits
| id | Description |
|---|---|
| 4601 | Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
| 2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-10-13 | Name : SLES10: Security update for libxslt File : nvt/sles10_libxslt0.nasl |
| 2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19 File : nvt/gb_solaris_114265_19.nasl |
| 2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20 File : nvt/gb_solaris_112837_20.nasl |
| 2009-10-10 | Name : SLES9: Security update for libxslt File : nvt/sles9p5028020.nasl |
| 2009-10-10 | Name : SLES9: Security update for some XFree86 modules File : nvt/sles9p5021116.nasl |
| 2009-10-10 | Name : SLES9: Security update for tar File : nvt/sles9p5020240.nasl |
| 2009-10-10 | Name : SLES9: Security update for freetype2 File : nvt/sles9p5013340.nasl |
| 2009-06-03 | Name : Solaris Update for dhcp server and admin 109077-21 File : nvt/gb_solaris_109077_21.nasl |
| 2009-06-03 | Name : Solaris Update for usr/lib/inet/in.dhcpd 138877-01 File : nvt/gb_solaris_138877_01.nasl |
| 2009-06-03 | Name : Solaris Update for usr/lib/inet/in.dhcpd 138876-01 File : nvt/gb_solaris_138876_01.nasl |
| 2009-06-03 | Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-17 File : nvt/gb_solaris_114265_17.nasl |
| 2009-06-03 | Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-18 File : nvt/gb_solaris_112837_18.nasl |
| 2009-06-03 | Name : Solaris Update for dhcp server and admin 109078-21 File : nvt/gb_solaris_109078_21.nasl |
| 2009-04-09 | Name : Mandriva Update for xorg-x11 MDKSA-2007:079 (xorg-x11) File : nvt/gb_mandriva_MDKSA_2007_079.nasl |
| 2009-04-09 | Name : Mandriva Update for xorg-x11 MDKSA-2007:079-1 (xorg-x11) File : nvt/gb_mandriva_MDKSA_2007_079_1.nasl |
| 2009-04-09 | Name : Mandriva Update for tightvnc MDKSA-2007:080 (tightvnc) File : nvt/gb_mandriva_MDKSA_2007_080.nasl |
| 2009-04-09 | Name : Mandriva Update for tightvnc MDKSA-2007:080-1 (tightvnc) File : nvt/gb_mandriva_MDKSA_2007_080_1.nasl |
| 2009-04-09 | Name : Mandriva Update for freetype2 MDKSA-2007:081 (freetype2) File : nvt/gb_mandriva_MDKSA_2007_081.nasl |
| 2009-04-09 | Name : Mandriva Update for freetype2 MDKSA-2007:081-1 (freetype2) File : nvt/gb_mandriva_MDKSA_2007_081_1.nasl |
| 2009-04-09 | Name : Mandriva Update for libxslt MDVSA-2008:151 (libxslt) File : nvt/gb_mandriva_MDVSA_2008_151.nasl |
| 2009-03-23 | Name : Ubuntu Update for libxslt vulnerabilities USN-633-1 File : nvt/gb_ubuntu_USN_633_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for dhcp vulnerability USN-531-2 File : nvt/gb_ubuntu_USN_531_2.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-08-29 | Sun Solaris dhcpd malformed bootp denial of service attempt RuleID : 43752 - Type : SERVER-OTHER - Revision : 2 |
| 2014-01-10 | Infinity CGI exploit scanner nph-exploitscanget.cgi access RuleID : 2222-community - Type : SERVER-WEBAPP - Revision : 20 |
| 2014-01-10 | Infinity CGI exploit scanner nph-exploitscanget.cgi access RuleID : 2222 - Type : SERVER-WEBAPP - Revision : 20 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0287.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0150.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0132.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0126.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0125.nasl - Type: ACT_GATHER_INFO |
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080521_libxslt_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
| 2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_12184.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2008-151.nasl - Type: ACT_GATHER_INFO |
| 2009-02-13 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_SecUpd2009-001.nasl - Type: ACT_GATHER_INFO |
| 2008-11-14 | Name: The remote host contains a web browser that is affected by several issues. File: macosx_Safari3_2.nasl - Type: ACT_GATHER_INFO |
| 2008-11-14 | Name: The remote host contains a web browser that is affected by several issues. File: safari_3_2.nasl - Type: ACT_GATHER_INFO |
| 2008-10-10 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_SecUpd2008-007.nasl - Type: ACT_GATHER_INFO |
| 2008-08-04 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-633-1.nasl - Type: ACT_GATHER_INFO |
| 2008-07-29 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2008-210-03.nasl - Type: ACT_GATHER_INFO |
| 2008-06-16 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_libxslt-5343.nasl - Type: ACT_GATHER_INFO |
| 2008-06-16 | Name: The remote openSUSE host is missing a security update. File: suse_libxslt-5263.nasl - Type: ACT_GATHER_INFO |
| 2008-06-04 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200806-02.nasl - Type: ACT_GATHER_INFO |
| 2008-05-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1589.nasl - Type: ACT_GATHER_INFO |
| 2008-05-22 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2008-0287.nasl - Type: ACT_GATHER_INFO |
| 2008-05-22 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0287.nasl - Type: ACT_GATHER_INFO |
| 2008-01-08 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1454.nasl - Type: ACT_GATHER_INFO |
| 2007-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_freetype2-3067.nasl - Type: ACT_GATHER_INFO |
| 2007-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_xorg-x11-server-3083.nasl - Type: ACT_GATHER_INFO |
