OVALdb logo

Professional OVAL Repository

Skip Navigation LinksOVAL > OVAL Definitions

Search Conditions:  Platform: Red Hat Enterprise Linux 3

Page 1 of 52 (2059 items)Prev1234567505152Next
Open filter row popup menu
Open filter row popup menu
Open filter row popup menu
oval:org.mitre.oval:def:86238Red Hat Enterprise 3 sysstat port and trigger Scripts symlink Attack Vulnerabilityvulnerability
oval:org.mitre.oval:def:12602Integer Overflow in libgd2vulnerability
oval:org.mitre.oval:def:11174mlock Memory Page Tracking Vulnerabilityvulnerability
oval:org.mitre.oval:def:101337Red Hat Enterprise 3 Kernel Real Time Clock Data Leakagevulnerability
oval:org.mitre.oval:def:989024Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call.vulnerability
oval:org.mitre.oval:def:987325The jar protocol handler in Mozilla Firefox before and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.vulnerability
oval:org.mitre.oval:def:978725Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.vulnerability
oval:org.mitre.oval:def:976125Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.vulnerability
oval:org.mitre.oval:def:973724KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.vulnerability
oval:org.mitre.oval:def:972724The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function.vulnerability
oval:org.mitre.oval:def:972425Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.vulnerability
oval:org.mitre.oval:def:969724io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.vulnerability
oval:org.mitre.oval:def:969025Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.vulnerability
oval:org.mitre.oval:def:968125Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.vulnerability
oval:org.mitre.oval:def:963125The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.vulnerability
oval:org.mitre.oval:def:961323unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.vulnerability
oval:org.mitre.oval:def:959624zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.vulnerability
oval:org.mitre.oval:def:959325Mozilla Firefox before and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.vulnerability
oval:org.mitre.oval:def:958724prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.vulnerability
oval:org.mitre.oval:def:953925Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.vulnerability
oval:org.mitre.oval:def:952224sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.vulnerability
oval:org.mitre.oval:def:950625libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.vulnerability
oval:org.mitre.oval:def:949526rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.vulnerability
oval:org.mitre.oval:def:945325The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).vulnerability
oval:org.mitre.oval:def:926226Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.vulnerability
oval:org.mitre.oval:def:924825The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).vulnerability
oval:org.mitre.oval:def:911824Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a buffer overflow or a denial of service (memory consumption) via unknown attack vectors.vulnerability
oval:org.mitre.oval:def:897826Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.vulnerability
oval:org.mitre.oval:def:888826** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.vulnerability
oval:org.mitre.oval:def:94038Linux Kernel ISO9660 File System Component BOvulnerability
oval:org.mitre.oval:def:86941Net-SNMP MIB Information Disclosure Vulnerabilityvulnerability
oval:org.mitre.oval:def:86638Red Hat Enterprise 3 CVS Server root Directory Access Vulnerabilityvulnerability
oval:org.mitre.oval:def:84538Red Hat Enterprise 3 gdk-pixbuf Denial of Servicevulnerability
oval:org.mitre.oval:def:82639RedHat Enterprise 3 Code Execution and DoS Vulnerabilities in PWLibvulnerability
oval:ru.altx-soft.nix:def:15963Обновление RHSA-2010:0490: устранение уязвимостей в cups (важное)patch
oval:ru.altx-soft.nix:def:21663Обновление RHSA-2010:0360: устранение уязвимостей в wireshark (умеренное)patch
oval:ru.altx-soft.nix:def:81783Обновление RHSA-2009:1625 : устранение уязвимостей в expat (умеренное)patch
oval:ru.altx-soft.nix:def:82903Обновление RHSA-2009:0057 : устранение уязвимостей в squirrelmail (важное)patch
oval:org.mitre.oval:def:2903015RHSA-2008:0884 -- libxml2 security update (Important)patch
oval:org.mitre.oval:def:291115RHSA-2009:1426 -- openoffice.org security update (Important)patch
Page 1 of 52 (2059 items)Prev1234567505152Next

company ALTEX-SOFT 2008-2020, © AO ALTEX-SOFT , ovaldb@altx-soft.com

OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.