CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat » Enterprise Linux Desktop : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-0241 399 DoS 2013-02-12 2014-02-06
2.1
None Local Low Not required None None Partial
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.
2 CVE-2012-6137 255 +Info 2013-05-21 2013-05-22
4.3
None Remote Medium Not required None Partial None
rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.
3 CVE-2010-0730 20 DoS 2010-05-12 2012-03-19
2.6
None Remote High Not required None None Partial
The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.
4 CVE-2008-4315 2008-11-26 2010-08-21
6.8
None Remote Medium Not required Partial Partial Partial
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
5 CVE-2008-4313 264 Bypass 2008-11-26 2010-08-21
6.0
None Remote Medium Single system Partial Partial Partial
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
6 CVE-2008-3825 264 +Priv 2008-10-03 2011-02-17
4.4
User Local Medium Not required Partial Partial Partial
pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.
7 CVE-2008-2365 362 DoS 2008-06-30 2012-03-19
4.7
None Local Medium Not required None None Complete
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
8 CVE-2008-1951 264 +Priv 2008-06-25 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus.
9 CVE-2008-1767 119 DoS Exec Code Overflow 2008-05-23 2012-10-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
10 CVE-2008-1615 399 DoS 2008-05-07 2012-11-26
4.9
None Local Low Not required None None Complete
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.
11 CVE-2007-6282 16 DoS 2008-05-07 2010-08-21
7.1
None Remote Medium Not required None None Complete
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
12 CVE-2007-5001 399 DoS 2008-05-07 2010-08-21
4.9
None Local Low Not required None None Complete
Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.
13 CVE-2007-4130 20 DoS 2008-02-04 2010-08-21
7.2
None Local Low Not required Complete Complete Complete
The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation.
14 CVE-2007-3103 59 1 2007-07-15 2012-10-29
6.2
Admin Local High Not required Complete Complete Complete
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
15 CVE-2007-1352 Exec Code Overflow 2007-04-05 2010-11-30
3.8
None Local Network Medium Single system None Partial Partial
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
16 CVE-2007-1351 189 Exec Code Overflow 2007-04-05 2010-11-30
8.5
Admin Remote Medium Single system Complete Complete Complete
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
17 CVE-2007-1007 DoS Exec Code 2007-02-20 2010-09-15
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.
18 CVE-2007-0773 DoS 2007-06-26 2012-10-30
4.6
None Local Low Single system None None Complete
The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.
19 CVE-2006-7226 DoS 2007-12-03 2010-08-21
4.3
None Remote Medium Not required None None Partial
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).
20 CVE-2006-6235 Exec Code 2006-12-07 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
21 CVE-2006-5753 DoS +Priv 2007-01-30 2010-09-15
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
22 CVE-2006-2933 2006-07-27 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.
23 CVE-2005-3631 2005-12-22 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords.
24 CVE-2005-3625 399 DoS 2005-12-31 2010-10-18
10.0
None Remote Low Not required Complete Complete Complete
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
25 CVE-2005-3624 189 Overflow 2005-12-31 2010-11-19
5.0
None Remote Low Not required None Partial None
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
26 CVE-2005-2700 Bypass 2005-09-06 2010-08-21
10.0
None Remote Low Not required Complete Complete Complete
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
27 CVE-2005-2100 DoS 2005-10-25 2010-08-21
2.1
None Local Low Not required None None Partial
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).
28 CVE-2005-1918 Dir. Trav. 2005-12-31 2010-08-21
2.6
None Remote High Not required None Partial None
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
29 CVE-2005-1760 +Priv 2005-06-13 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.
30 CVE-2005-1194 Exec Code Overflow 2005-05-04 2010-08-21
4.6
None Local Low Not required Partial Partial Partial
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
31 CVE-2005-0988 2005-05-02 2010-08-21
3.7
None Local High Not required Partial Partial Partial
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
32 CVE-2005-0757 DoS 2005-05-18 2010-08-21
2.1
None Local Low Not required None None Partial
The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.
33 CVE-2005-0750 +Priv 2005-03-27 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
34 CVE-2005-0736 Overflow 2005-03-09 2010-08-21
2.1
None Local Low Not required None Partial None
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
35 CVE-2005-0699 Exec Code Overflow 2005-03-08 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
36 CVE-2005-0605 Exec Code Overflow 2005-03-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
37 CVE-2005-0473 DoS 2005-03-14 2010-08-21
5.0
None Remote Low Not required None None Partial
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
38 CVE-2005-0472 DoS 2005-03-14 2010-08-21
5.0
None Remote Low Not required None None Partial
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
39 CVE-2005-0403 DoS 2005-09-01 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure.
40 CVE-2005-0398 DoS 2005-03-14 2010-08-21
5.0
None Remote Low Not required None None Partial
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
41 CVE-2005-0337 Bypass 2005-05-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
42 CVE-2005-0207 DoS 2005-05-02 2010-08-21
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
43 CVE-2005-0206 Overflow 2005-04-27 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
44 CVE-2005-0156 Exec Code Overflow 2005-02-07 2013-10-23
2.1
None Local Low Not required None Partial None
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
45 CVE-2005-0109 +Info 2005-03-05 2010-08-21
7.2
None Local Low Not required Complete Complete Complete
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
46 CVE-2005-0092 DoS 2005-02-19 2010-08-21
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).
47 CVE-2005-0091 +Priv 2005-05-02 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls.
48 CVE-2005-0090 DoS 2005-05-02 2010-08-21
2.1
None Local Low Not required None None Partial
A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).
49 CVE-2005-0086 DoS Exec Code Overflow 2005-05-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale.
50 CVE-2005-0078 2005-05-02 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
Total number of vulnerabilities : 98   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.