Total
1937 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1423 | 2 Redhat, Xiph.org | 3 Enterprise Linux, Linux Advanced Workstation, Libvorbis | 2017-09-29 | 9.3 HIGH | N/A |
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow. | |||||
CVE-2008-1419 | 2 Redhat, Xiph.org | 3 Enterprise Linux, Linux Advanced Workstation, Libvorbis | 2017-09-29 | 4.3 MEDIUM | N/A |
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. | |||||
CVE-2008-1376 | 1 Redhat | 2 Enterprise Linux, Nfs Utils | 2017-09-29 | 7.5 HIGH | N/A |
A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions. | |||||
CVE-2008-1036 | 2 Apple, Redhat | 3 Mac Os X, Mac Os X Server, Enterprise Linux | 2017-09-29 | 4.3 MEDIUM | N/A |
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
CVE-2007-6285 | 1 Redhat | 1 Enterprise Linux | 2017-09-29 | 6.2 MEDIUM | N/A |
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. | |||||
CVE-2007-6282 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-09-29 | 7.1 HIGH | N/A |
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV. | |||||
CVE-2007-5964 | 1 Redhat | 1 Enterprise Linux | 2017-09-29 | 6.9 MEDIUM | N/A |
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. | |||||
CVE-2007-5496 | 2 Redhat, Selinux | 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot | 2017-09-29 | 1.9 LOW | N/A |
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert. | |||||
CVE-2007-5495 | 2 Redhat, Selinux | 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot | 2017-09-29 | 4.4 MEDIUM | N/A |
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file. | |||||
CVE-2007-5494 | 1 Redhat | 1 Enterprise Linux | 2017-09-29 | 4.9 MEDIUM | N/A |
Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP. | |||||
CVE-2007-5001 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-09-29 | 4.9 MEDIUM | N/A |
Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file. | |||||
CVE-2007-4574 | 3 Amd, Intel, Redhat | 3 Amd64, Ia64, Enterprise Linux | 2017-09-29 | 4.7 MEDIUM | N/A |
Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors. | |||||
CVE-2007-4570 | 1 Redhat | 2 Enterprise Linux, Mcstrans | 2017-09-29 | 1.9 LOW | N/A |
Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels. | |||||
CVE-2007-4130 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-09-29 | 7.2 HIGH | N/A |
The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation. | |||||
CVE-2007-4129 | 2 Fedoraproject, Redhat | 2 Coolkey, Enterprise Linux | 2017-09-29 | 3.3 LOW | N/A |
CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory. | |||||
CVE-2007-3849 | 1 Redhat | 1 Enterprise Linux | 2017-09-29 | 1.9 LOW | N/A |
Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files. | |||||
CVE-2007-3739 | 2 Apple, Redhat | 2 Powerpc, Enterprise Linux | 2017-09-29 | 4.7 MEDIUM | N/A |
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. | |||||
CVE-2012-0066 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2017-09-19 | 4.3 MEDIUM | N/A |
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. | |||||
CVE-2012-0042 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2017-09-19 | 2.9 LOW | N/A |
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. | |||||
CVE-2012-0041 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2017-09-19 | 4.3 MEDIUM | N/A |
The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. |