CVEdetails.com the ultimate security vulnerability data source

Redhat : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
3551 CVE-2008-2929 79 XSS 2008-08-29 2017-09-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.
3552 CVE-2008-2928 119 DoS Exec Code Overflow 2008-08-29 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.
3553 CVE-2008-2368 255 2009-01-20 2017-08-08
2.1
None Local Low Not required Partial None None
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.
3554 CVE-2008-2367 264 2009-01-20 2017-08-08
2.1
None Local Low Not required Partial None None
Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.
3555 CVE-2008-2365 362 DoS 2008-06-30 2018-10-30
4.7
None Local Medium Not required None None Complete
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
3556 CVE-2008-2359 16 +Priv 2008-06-02 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration.
3557 CVE-2008-1951 264 +Priv 2008-06-25 2017-09-29
4.6
None Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus.
3558 CVE-2008-1945 2008-08-08 2020-12-16
2.1
None Local Low Not required Partial None None
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
3559 CVE-2008-1767 119 DoS Exec Code Overflow 2008-05-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
3560 CVE-2008-1677 119 DoS Exec Code Overflow 2008-05-12 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
3561 CVE-2008-1198 16 2008-03-06 2018-01-06
7.1
None Remote Medium Not required Complete None None
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.
3562 CVE-2008-1036 79 XSS 2008-06-02 2017-09-29
4.3
None Remote Medium Not required None Partial None
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
3563 CVE-2008-0893 264 2008-04-16 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.
3564 CVE-2008-0892 20 Exec Code 2008-04-16 2018-10-30
9.0
None Remote Low ??? Complete Complete Complete
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
3565 CVE-2008-0890 264 Exec Code 2008-03-12 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors.
3566 CVE-2008-0595 264 Bypass 2008-02-29 2018-10-15
4.6
None Local Low Not required Partial Partial Partial
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
3567 CVE-2007-6285 16 2007-12-20 2017-09-29
6.2
None Local High Not required Complete Complete Complete
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.
3568 CVE-2007-6284 399 DoS 2008-01-12 2018-10-15
5.0
None Remote Low Not required None None Partial
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
3569 CVE-2007-6283 200 DoS +Info 2007-12-18 2017-09-29
4.9
None Local Low Not required None None Complete
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
3570 CVE-2007-6282 16 DoS 2008-05-08 2017-09-29
7.1
None Remote Medium Not required None None Complete
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
3571 CVE-2007-6206 200 +Info 2007-12-04 2020-08-12
2.1
None Local Low Not required Partial None None
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
3572 CVE-2007-6181 119 Exec Code Overflow 2007-11-30 2018-10-26
8.5
None Remote Medium ??? Complete Complete Complete
Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19.
3573 CVE-2007-6131 16 2007-11-26 2011-03-08
2.1
None Local Low Not required None Partial None
buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.
3574 CVE-2007-5964 16 +Priv 2007-12-13 2017-09-29
6.9
None Local Medium Not required Complete Complete Complete
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
3575 CVE-2007-5961 79 XSS 2008-05-23 2018-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
3576 CVE-2007-5503 189 Exec Code Overflow 2007-11-30 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.
3577 CVE-2007-5494 399 DoS 2007-11-30 2017-09-29
4.9
None Local Low Not required None None Complete
Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.
3578 CVE-2007-5365 119 DoS Exec Code Overflow 2007-10-11 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
3579 CVE-2007-5079 Bypass 2007-09-25 2017-07-29
6.0
None Remote Medium ??? Partial Partial Partial
Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions.
3580 CVE-2007-5001 399 DoS 2008-05-08 2017-09-29
4.9
None Local Low Not required None None Complete
Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.
3581 CVE-2007-4994 255 Bypass 2007-11-06 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.
3582 CVE-2007-4136 DoS 2007-11-14 2017-09-29
5.0
None Remote Low Not required None None Partial
The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.
3583 CVE-2007-4134 22 Dir. Trav. 2007-08-30 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
3584 CVE-2007-4132 Exec Code 2007-08-30 2008-11-15
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler."
3585 CVE-2007-4130 20 DoS 2008-02-05 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation.
3586 CVE-2007-3849 264 Bypass 2007-09-05 2017-09-29
1.9
None Local Medium Not required None Partial None
Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.
3587 CVE-2007-3379 DoS 2007-09-17 2017-10-11
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.
3588 CVE-2007-3374 119 DoS Exec Code Overflow 2007-06-25 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages.
3589 CVE-2007-3373 119 Overflow +Info 2007-06-25 2017-07-29
5.0
None Remote Low Not required Partial None None
daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests.
3590 CVE-2007-3103 59 2007-07-15 2018-10-16
6.2
None Local High Not required Complete Complete Complete
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
3591 CVE-2007-3099 DoS 2007-06-14 2017-10-11
2.1
None Local Low Not required None None Partial
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).
3592 CVE-2007-2874 Exec Code Overflow 2007-07-27 2011-03-08
5.8
None Remote Medium Not required None Partial Partial
Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some of these details are obtained from third party information.
3593 CVE-2007-2834 189 Exec Code Overflow 2007-09-18 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
3594 CVE-2007-2030 2007-04-16 2017-07-29
4.9
None Local Low Not required Complete None None
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
3595 CVE-2007-1865 189 +Info 2007-09-18 2008-11-13
1.9
None Local Medium Not required Partial None None
** DISPUTED ** The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allows local users to obtain sensitive information (kernel memory contents) via a negative value of the len parameter. NOTE: this issue has been disputed in a bug comment, stating that "len is ignored when copying header info to the user's buffer."
3596 CVE-2007-1864 119 Overflow 2007-05-09 2019-05-22
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
3597 CVE-2007-1716 +Priv 2007-03-27 2017-10-11
3.4
None Local High ??? Partial Partial Partial
pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
3598 CVE-2007-1352 Exec Code Overflow 2007-04-06 2018-10-16
3.8
None Local Network Medium ??? None Partial Partial
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
3599 CVE-2007-1351 189 Exec Code Overflow 2007-04-06 2018-10-16
8.5
None Remote Medium ??? Complete Complete Complete
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
3600 CVE-2007-1349 20 DoS 2007-03-30 2020-10-09
5.0
None Remote Low Not required None None Partial
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Total number of vulnerabilities: 3974 (page 72 of 80)