OVALdb logo

Professional OVAL Repository

Skip Navigation LinksOVAL > OVAL Definitions

Search Conditions:  Platform: Red Hat Enterprise Linux 4

Page 1 of 69 (2751 items)Prev1234567676869Next
OVALid 
Version 
Title 
Class 
Open filter row popup menu
Open filter row popup menu
Open filter row popup menu
xv
oval:org.mitre.oval:def:168940Sendmail setjmp longjmp bo (Red Hat Internal)vulnerability
oval:org.mitre.oval:def:116566OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.vulnerability
oval:org.mitre.oval:def:105546Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.vulnerability
oval:org.mitre.oval:def:150825Each user must have unique UIDcompliance
oval:org.mitre.oval:def:8088RHE4 XBL Script Security Bypass Vulnerabilityvulnerability
oval:org.mitre.oval:def:7598RHE4 Firefox and Mozilla Framed Site Spoofing Vulnerabilityvulnerability
oval:org.mitre.oval:def:7298RHE4 Firefox and Mozilla DOM Node Spoofingvulnerability
oval:org.mitre.oval:def:5508RHE4 Firefox and Mozilla Shared Object Code Executionvulnerability
oval:org.mitre.oval:def:4178RHE4 InstallVersion.compareTo() DoS and Code Execution Vulnerabilityvulnerability
oval:org.mitre.oval:def:226925DEPRECATED: Red Hat Enterprise Linux 4inventory
oval:org.mitre.oval:def:221138The operating system installed on the system is Red Hat Enterprise Linux 4 for x64inventory
oval:org.mitre.oval:def:173438The operating system installed on the system is Red Hat Enterprise Linux 4 for x86inventory
oval:org.mitre.oval:def:14158RHE4 Mozilla top.focus() Cross-Site Scripting Vulnerabilityvulnerability
oval:org.mitre.oval:def:13138RHE4 Firefox and Mozilla Javascript Dialog Box Spoofingvulnerability
oval:org.mitre.oval:def:13118RHE4 Firefox InstallTrigger Callback Vulnerabilityvulnerability
oval:org.mitre.oval:def:12268RHE4 Improper Handling of Synthetic Events in Mozillavulnerability
oval:org.mitre.oval:def:118318The operating system installed on the system is Red Hat Enterprise Linux 4inventory
oval:org.mitre.oval:def:11248RHE4 Fetchmail Buffer Overflow via Long UIDL Responsesvulnerability
oval:org.mitre.oval:def:10738RHE4 Firefox External App Code Acceptance Vulnerabilityvulnerability
oval:org.mitre.oval:def:999927Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.vulnerability
oval:org.mitre.oval:def:999825Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.vulnerability
oval:org.mitre.oval:def:999627Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.vulnerability
oval:org.mitre.oval:def:999526The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processers in a security-relevant fashion that was not addressed by the kernels.vulnerability
oval:org.mitre.oval:def:999427Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.vulnerability
oval:org.mitre.oval:def:999325pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.vulnerability
oval:org.mitre.oval:def:999226Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.vulnerability
oval:org.mitre.oval:def:999126Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.vulnerability
oval:org.mitre.oval:def:999027The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.vulnerability
oval:org.mitre.oval:def:998826Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."vulnerability
oval:org.mitre.oval:def:998626Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop.vulnerability
oval:org.mitre.oval:def:998526RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.vulnerability
oval:org.mitre.oval:def:998427The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.vulnerability
oval:org.mitre.oval:def:998326Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".vulnerability
oval:org.mitre.oval:def:998227Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."vulnerability
oval:org.mitre.oval:def:997927Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.vulnerability
oval:org.mitre.oval:def:997826Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.vulnerability
oval:org.mitre.oval:def:997626Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.vulnerability
oval:org.mitre.oval:def:997526Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.vulnerability
oval:org.mitre.oval:def:997327src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.vulnerability
oval:org.mitre.oval:def:997227Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser.vulnerability
Page 1 of 69 (2751 items)Prev1234567676869Next

company ALTEX-SOFT 2008-2020, © AO ALTEX-SOFT , ovaldb@altx-soft.com

OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.