Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:intel64:*
There are 494 matching records.
Displaying matches 481 through 494.
Vuln ID Summary CVSS Severity
CVE-2011-4730

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in admin/reseller/login-info/ and certain other files.

Published: December 16, 2011; 6:55:08 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2011-4729

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files.

Published: December 16, 2011; 6:55:07 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-4728

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files.

Published: December 16, 2011; 6:55:07 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-4727

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files.

Published: December 16, 2011; 6:55:06 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2011-4726

Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files.

Published: December 16, 2011; 6:55:06 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4725

Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files.

Published: December 16, 2011; 6:55:04 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-2189

net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.

Published: October 10, 2011; 6:55:05 AM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2011-1576

The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.

Published: August 31, 2011; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 5.7 MEDIUM
CVE-2011-0714

Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function.

Published: May 04, 2011; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 5.7 MEDIUM
CVE-2011-1011

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.

Published: February 24, 2011; 4:00:18 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-1773

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.

Published: September 24, 2010; 3:00:04 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2010-1772

Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.

Published: September 24, 2010; 3:00:04 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2010-0727

The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.

Published: March 16, 2010; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2007-0980

Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors.

Published: February 15, 2007; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH