Note: This project will be discontinued after December 13, 2021.
Product: Enterprise_linux (Redhat)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2008-08-18 | CVE-2008-3270 | yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested. | Enterprise_linux | N/A | ||
2008-05-23 | CVE-2008-1767 | Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. | Desktop, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_desktop_workstation, Linux_advanced_workstation | N/A | ||
2008-05-07 | CVE-2008-1615 | Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. | Enterprise_linux, Enterprise_linux_desktop | N/A | ||
2008-06-02 | CVE-2008-1036 | The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. | Mac_os_x, Mac_os_x_server, Enterprise_linux | N/A | ||
2007-12-20 | CVE-2007-6285 | The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. | Enterprise_linux | N/A | ||
2008-05-07 | CVE-2007-6282 | The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV. | Enterprise_linux, Enterprise_linux_desktop | N/A | ||
2007-12-13 | CVE-2007-5964 | The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. | Enterprise_linux | N/A | ||
2007-11-30 | CVE-2007-5494 | Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP. | Enterprise_linux | N/A | ||
2007-10-11 | CVE-2007-5365 | Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. | Debian_linux, Openbsd, Enterprise_linux, Linux_advanced_workstation, Opensolaris, Solaris, Ubuntu_linux | N/A | ||
2007-11-07 | CVE-2007-5116 | Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. | Perl, Mandrake_multi_network_firewall, Openpkg, Enterprise_linux | N/A |