Total
1781 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0003 | 2 Openpegasus, Redhat | 3 Management Server, Enterprise Linux, Enterprise Linux Desktop | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360. | |||||
CVE-2008-0597 | 2 Easy Software Products, Redhat | 3 Cups, Desktop, Enterprise Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. | |||||
CVE-2007-2030 | 1 Redhat | 2 Enterprise Linux, Fedora Core | 2024-02-04 | 4.9 MEDIUM | N/A |
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. | |||||
CVE-2007-4570 | 1 Redhat | 2 Enterprise Linux, Mcstrans | 2024-02-04 | 1.9 LOW | N/A |
Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels. | |||||
CVE-2007-3100 | 1 Redhat | 2 Enterprise Linux, Open Iscsi | 2024-02-04 | 2.1 LOW | N/A |
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. | |||||
CVE-2007-3739 | 2 Apple, Redhat | 2 Powerpc, Enterprise Linux | 2024-02-04 | 4.7 MEDIUM | N/A |
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. | |||||
CVE-2007-4129 | 2 Fedoraproject, Redhat | 2 Coolkey, Enterprise Linux | 2024-02-04 | 3.3 LOW | N/A |
CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory. | |||||
CVE-2006-7175 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2024-02-04 | 7.5 HIGH | N/A |
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. | |||||
CVE-2007-4137 | 6 Conectiva, Gentoo, Mandrakesoft and 3 more | 8 Linux, Linux, Mandrake Linux and 5 more | 2024-02-04 | 7.5 HIGH | N/A |
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. | |||||
CVE-2007-5365 | 5 Debian, Openbsd, Redhat and 2 more | 7 Debian Linux, Openbsd, Enterprise Linux and 4 more | 2024-02-04 | 7.2 HIGH | N/A |
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. | |||||
CVE-2007-0771 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-04 | 4.9 MEDIUM | N/A |
The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c. | |||||
CVE-2007-1282 | 2 Mozilla, Redhat | 4 Seamonkey, Thunderbird, Enterprise Linux and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line. | |||||
CVE-2007-4130 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2024-02-04 | 7.2 HIGH | N/A |
The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation. | |||||
CVE-2007-4574 | 3 Amd, Intel, Redhat | 3 Amd64, Ia64, Enterprise Linux | 2024-02-04 | 4.7 MEDIUM | N/A |
Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors. | |||||
CVE-2007-1716 | 1 Redhat | 1 Enterprise Linux | 2024-02-04 | 3.4 LOW | N/A |
pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges. | |||||
CVE-2007-0980 | 3 Hp, Redhat, Suse | 4 Serviceguard For Linux, Enterprise Linux, Suse Linux and 1 more | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. | |||||
CVE-2006-6235 | 6 Gnu, Gpg4win, Redhat and 3 more | 9 Privacy Guard, Gpg4win, Enterprise Linux and 6 more | 2024-02-04 | 10.0 HIGH | N/A |
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. | |||||
CVE-2007-0004 | 1 Redhat | 1 Enterprise Linux | 2024-02-04 | 1.9 LOW | N/A |
The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries. | |||||
CVE-2007-5964 | 1 Redhat | 1 Enterprise Linux | 2024-02-04 | 6.9 MEDIUM | N/A |
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. | |||||
CVE-2007-3099 | 1 Redhat | 1 Enterprise Linux | 2024-02-04 | 2.1 LOW | N/A |
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). |