Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
There are 89 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2009-4067

Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.

Published: February 11, 2020; 2:15:10 PM -0500
V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2011-3585

Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.

Published: December 31, 2019; 3:15:11 PM -0500
V3.1: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2011-2717

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.

Published: November 27, 2019; 4:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2011-4967

tog-Pegasus has a package hash collision DoS vulnerability

Published: November 19, 2019; 11:15:10 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2011-1145

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

Published: November 13, 2019; 9:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

Published: November 12, 2019; 9:15:10 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

Published: November 05, 2019; 5:15:10 PM -0500
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2015-2877

** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.

Published: March 03, 2017; 6:59:00 AM -0500
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2016-7091

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

Published: December 22, 2016; 4:59:00 PM -0500
V3.0: 4.4 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

Published: August 14, 2015; 2:59:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1565

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 09, 2015; 12:59:05 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5364

Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file.

Published: January 25, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2011-3363

The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.

Published: May 24, 2012; 7:55:02 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 6.1 MEDIUM
CVE-2011-3191

Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.

Published: May 24, 2012; 7:55:02 PM -0400
V3.1: 8.8 HIGH
V2.0: 8.3 HIGH
CVE-2011-3188

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

Published: May 24, 2012; 7:55:02 PM -0400
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2011-2699

The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.

Published: May 24, 2012; 7:55:01 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2012-1097

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.

Published: May 17, 2012; 7:00:37 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2011-2525

The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.

Published: February 01, 2012; 11:09:47 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2010-4805

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.

Published: May 26, 2011; 12:55:03 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2010-4251

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.

Published: May 26, 2011; 12:55:03 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH