Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-3193 | Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Published: June 15, 2012; 8:55:03 PM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2009-3547 | Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. Published: November 04, 2009; 10:30:00 AM -0500 | V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2009-0834 | The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. Published: March 06, 2009; 6:30:02 AM -0500 | V3.x: (not available) V2.0: 3.6 LOW |
CVE-2008-3272 | The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information. Published: August 08, 2008; 2:41:00 PM -0400 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2008-2364 | The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. Published: June 13, 2008; 2:41:00 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2007-6206 | The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. Published: December 03, 2007; 7:46:00 PM -0500 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2006-5752 | Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. Published: June 27, 2007; 1:30:00 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2007-1349 | PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. Published: March 29, 2007; 8:19:00 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2007-0455 | Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Published: January 30, 2007; 12:28:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2006-5170 | pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. Published: October 10, 2006; 12:06:00 AM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2005-2970 | Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. Published: October 25, 2005; 1:06:00 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2005-1268 | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. Published: August 05, 2005; 12:00:00 AM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |