Vulnerabilities > Redhat > Enterprise Linux > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-05-24 | CVE-2011-3363 | Improper Input Validation vulnerability in multiple products | The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share. | 6.5 |
2012-05-17 | CVE-2011-4097 | Integer Overflow or Wraparound vulnerability in multiple products | Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory. | 5.5 |
2012-05-17 | CVE-2011-3637 | NULL Pointer Dereference vulnerability in multiple products | The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error. | 5.5 |
2012-04-11 | CVE-2012-0066 | Improper Input Validation vulnerability in multiple products | Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. | 4.3 |
2012-04-11 | CVE-2012-0041 | Improper Input Validation vulnerability in multiple products | The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. | 4.3 |
2011-12-16 | CVE-2011-4748 | Information Exposure vulnerability in Parallels Plesk Panel 10.3.1Build1013110726.09 | The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files. | 5.0 |
2011-12-16 | CVE-2011-4747 | Cryptographic Issues vulnerability in Parallels Plesk Panel 10.3.1Build1013110726.09 | The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not prevent the use of weak ciphers for SSL sessions, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a crafted CipherSuite list. | 5.0 |
2011-12-16 | CVE-2011-4746 | Cryptographic Issues vulnerability in Parallels Plesk Panel 10.3.1Build1013110726.09 | The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attackers to conduct spoofing attacks by leveraging protocol weaknesses. | 5.0 |
2011-12-16 | CVE-2011-4745 | Cross-Site Scripting vulnerability in Parallels Plesk Panel 10.3.1Build1013110726.09 | Multiple cross-site scripting (XSS) vulnerabilities in the billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/index.php/default and certain other files. | 4.3 |
2011-12-16 | CVE-2011-4742 | Information Exposure vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 | The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files. | 5.0 |