Enterprise Linux Server

DATE	CVE	VULNERABILITY TITLE	RISK
2007-12-18	CVE-2007-6283	Information Exposure vulnerability in multiple products Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. local low complexity redhat fedoraproject oracle centos CWE-200	4.9
2007-05-09	CVE-2007-1864	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. network low complexity php debian canonical redhat CWE-119	7.5
2007-03-30	CVE-2007-1349	Improper Input Validation vulnerability in multiple products PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. network low complexity apache canonical redhat CWE-20	5.0
2007-03-06	CVE-2007-1285	Uncontrolled Recursion vulnerability in multiple products The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. network low complexity php canonical novell suse redhat CWE-674	7.5
2007-01-30	CVE-2007-0455	Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. network low complexity gd-graphics-library-project php canonical fedoraproject redhat CWE-120	7.5
2006-10-10	CVE-2006-5170	Improper Handling of Exceptional Conditions vulnerability in multiple products pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. network low complexity redhat fedoraproject debian CWE-755	7.5
2006-10-05	CVE-2006-5158	Improper Locking vulnerability in multiple products The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock. network low complexity linux redhat canonical CWE-667	7.5
2004-09-28	CVE-2004-0643	Double Free vulnerability in multiple products Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. local low complexity mit debian redhat CWE-415	4.6