
Professional OVAL Repository


Search Conditions:  Platform: Red Hat Enterprise Linux 3

Page 1 of 52 (2057 items)
OVALid Version | Title | Class
oval:org.mitre.oval:def:97038 | CVS pserver BO | vulnerability
oval:org.mitre.oval:def:90538 | Red Hat Enterprise 3 Ethereal Denial of Service via 0-Length Presentation Protocol Selector | vulnerability
oval:org.mitre.oval:def:88738 | Multiple BO Vulnerabilities in Red Hat Enterprise 3 Ethereal | vulnerability
oval:org.mitre.oval:def:86141 | rpc.mountd Denial of Service via NFS Mount | vulnerability
oval:org.mitre.oval:def:29614 | Multiple Privilege Escalation Vulnerabilities in Linux Kernel | vulnerability
oval:org.mitre.oval:def:12814 | RHE3 Firefox InstallTrigger Callback Vulnerability | vulnerability
oval:org.mitre.oval:def:12684 | RHE3 Firefox and Mozilla Javascript Dialog Box Spoofing | vulnerability
oval:org.mitre.oval:def:2175515 | RHSA-2010:0029: krb5 security update (Critical) | patch
oval:ru.altx-soft.nix:def:16926 | RHSA-2010:0488 update: fixes for vulnerabilities in samba and samba3x (critical) | patch
oval:ru.altx-soft.nix:def:81766 | RHSA-2009:1646 update: fixes for vulnerabilities in libtool (moderate) | patch
oval:org.mitre.oval:def:11952 | Multiple Buffer Overflows in libgd | vulnerability
oval:org.mitre.oval:def:10067 | SquirrelMail Cross-site Scripting Vulnerability I | vulnerability
oval:org.mitre.oval:def:10034 | CVS serve_notify Improper Handling of Empty Data Lines | vulnerability
oval:org.mitre.oval:def:999123 | Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | vulnerability
oval:org.mitre.oval:def:998323 | Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". | vulnerability
oval:org.mitre.oval:def:994323 | Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions. | vulnerability
oval:org.mitre.oval:def:992523 | Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | vulnerability
oval:org.mitre.oval:def:986524 | The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. | vulnerability
oval:org.mitre.oval:def:983924 | Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. | vulnerability
oval:org.mitre.oval:def:977923 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | vulnerability
oval:org.mitre.oval:def:966123 | Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument. | vulnerability
oval:org.mitre.oval:def:9944 | CVS error_prog_name Double-free Vulnerability | vulnerability
oval:org.mitre.oval:def:83839 | Red Hat Enterprise 3 Mutt BO in Index Menu | vulnerability
oval:org.mitre.oval:def:11724 | RHE3 Firefox External App Code Acceptance Vulnerability | vulnerability
oval:org.mitre.oval:def:2202192 | RHSA-2010:0625: wireshark security update (Moderate) | patch
oval:org.mitre.oval:def:2191966 | RHSA-2010:0101: openoffice.org security update (Important) | patch
oval:com.altx-soft.nix:def:214834 | EOL: Unsupported OS Red Hat Enterprise Linux 3 | patch
oval:org.mitre.oval:def:11544 | bzip2 Arbitrary File Permission Modification Vulnerability | vulnerability
oval:org.mitre.oval:def:11394 | Telnet Client Information Disclosure Vulnerability | vulnerability
oval:org.mitre.oval:def:117828 | The operating system installed on the system is Red Hat Enterprise Linux 3 | inventory
oval:org.mitre.oval:def:998224 | Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing." | vulnerability
oval:org.mitre.oval:def:997224 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser. | vulnerability
oval:org.mitre.oval:def:996223 | scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. | vulnerability
oval:org.mitre.oval:def:995524 | ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. | vulnerability
oval:org.mitre.oval:def:994723 | PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem. | vulnerability
oval:org.mitre.oval:def:992323 | Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. | vulnerability
oval:org.mitre.oval:def:988623 | Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file. | vulnerability
oval:org.mitre.oval:def:982424 | cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. | vulnerability
oval:org.mitre.oval:def:981824 | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | vulnerability
oval:org.mitre.oval:def:964624 | The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | vulnerability

company ALTEX-SOFT 2008-2019, © AO ALTEX-SOFT, ovaldb@altx-soft.com

OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.