Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-1837 |
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. Published: June 12, 2009; 5:30:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 9.3 HIGH |
CVE-2009-0846 |
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. Published: April 08, 2009; 8:30:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-2375 |
Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962. Published: July 08, 2008; 8:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2008-2365 |
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x. Published: June 30, 2008; 5:41:00 PM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2008-2366 |
Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path. Published: June 16, 2008; 2:41:00 PM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2008-1767 |
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. Published: May 23, 2008; 11:32:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-1419 |
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. Published: May 16, 2008; 8:54:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-1420 |
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. Published: May 16, 2008; 8:54:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-4130 |
The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation. Published: February 04, 2008; 7:00:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2008-0003 |
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360. Published: January 08, 2008; 3:46:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-6285 |
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. Published: December 20, 2007; 5:46:00 PM -0500 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2006-7226 |
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash). Published: December 03, 2007; 3:46:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-5494 |
Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP. Published: November 29, 2007; 9:46:00 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2007-5116 |
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Published: November 07, 2007; 6:46:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-4137 |
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Published: September 18, 2007; 3:17:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-3379 |
Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command. Published: September 17, 2007; 1:17:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2007-4131 |
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. Published: August 24, 2007; 8:17:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-3103 |
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. Published: July 15, 2007; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2007-1859 |
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication. Published: May 02, 2007; 4:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2007-2030 |
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. Published: April 16, 2007; 4:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |