Vulnerabilities > Redhat > Enterprise Linux Desktop > 3.0

DATE CVE VULNERABILITY TITLE RISK
2009-11-04 CVE-2009-3547 Operation on a Resource after Expiration or Release vulnerability in multiple products
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
7.0
2009-08-18 CVE-2009-2848 Improper Privilege Management vulnerability in multiple products
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
5.9
2008-08-27 CVE-2008-3281 XML Entity Expansion vulnerability in multiple products
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
6.5
2008-05-08 CVE-2007-5001 Resource Management Errors vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop
Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.
local
low complexity
redhat CWE-399
4.9
2007-11-07 CVE-2007-5116 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
7.5
2007-05-02 CVE-2007-1859 Improper Authentication vulnerability in Xscreensaver 4.10
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
local
low complexity
redhat xscreensaver CWE-287
4.6
2007-04-06 CVE-2007-1352 Local Integer Overflow vulnerability in X.Org LibXFont
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
3.8
2007-04-06 CVE-2007-1351 Numeric Errors vulnerability in multiple products
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
8.5
2007-03-30 CVE-2007-1349 Improper Input Validation vulnerability in multiple products
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
network
low complexity
apache canonical redhat CWE-20
5.0
2007-03-06 CVE-2007-1285 Uncontrolled Recursion vulnerability in multiple products
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
network
low complexity
php canonical novell suse redhat CWE-674
7.5