Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-4291 |
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Published: August 16, 2012; 6:38:08 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.3 LOW |
CVE-2012-4290 |
The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. Published: August 16, 2012; 6:38:08 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.3 LOW |
CVE-2012-4289 |
epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. Published: August 16, 2012; 6:38:08 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.3 LOW |
CVE-2012-4285 |
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. Published: August 16, 2012; 6:38:08 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.3 LOW |
CVE-2012-3440 |
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. Published: August 08, 2012; 6:26:19 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.6 MEDIUM |
CVE-2012-0067 |
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. Published: April 11, 2012; 6:39:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0066 |
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. Published: April 11, 2012; 6:39:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0042 |
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. Published: April 11, 2012; 6:39:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.9 LOW |
CVE-2012-0041 |
The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. Published: April 11, 2012; 6:39:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1576 |
The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. Published: August 31, 2011; 7:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.7 MEDIUM |
CVE-2011-0536 |
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. Published: April 08, 2011; 11:17:26 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2011-1011 |
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. Published: February 24, 2011; 4:00:18 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2010-4238 |
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information. Published: January 22, 2011; 5:00:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2010-4161 |
The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158. Published: December 30, 2010; 2:00:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2010-2938 |
arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest. Published: October 08, 2010; 5:00:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-2696 |
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781. Published: August 05, 2010; 2:17:57 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-1871 |
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured. Published: August 05, 2010; 9:23:09 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2010-1439 |
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file. Published: June 07, 2010; 1:12:48 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.6 LOW |
CVE-2010-0730 |
The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. Published: May 12, 2010; 7:46:31 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.6 LOW |
CVE-2009-3556 |
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. Published: January 27, 2010; 12:30:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 1.9 LOW |