Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-1351 |
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 8.5 HIGH |
CVE-2007-1352 |
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 3.8 LOW |
CVE-2006-7175 |
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. Published: March 27, 2007; 7:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-7176 |
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. Published: March 27, 2007; 7:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-1282 |
Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line. Published: March 05, 2007; 9:19:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-0001 |
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped. Published: March 02, 2007; 4:18:00 PM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2007-1007 |
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. Published: February 20, 2007; 12:28:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-0980 |
Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. Published: February 15, 2007; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2006-5753 |
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors. Published: January 30, 2007; 2:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-6235 |
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. Published: December 07, 2006; 6:28:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2006-5170 |
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. Published: October 10, 2006; 12:06:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-3813 |
A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information. Published: August 11, 2006; 5:04:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2005-3624 |
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-3625 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2005-3626 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-3629 |
initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-3631 |
udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords. Published: December 22, 2005; 6:03:00 AM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2005-2100 |
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash). Published: October 25, 2005; 1:06:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2005-2492 |
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. Published: September 14, 2005; 3:03:00 PM -0400 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2005-1760 |
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. Published: June 13, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |