Vulnerabilities > Redhat > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-11 | CVE-2008-5422 | Permissions, Privileges, and Access Controls vulnerability in SUN RAY Server Software Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. | 7.5 |
| 2008-08-29 | CVE-2008-3283 | Resource Management Errors vulnerability in multiple products Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. | 7.8 |
| 2008-08-29 | CVE-2008-2930 | Resource Management Errors vulnerability in multiple products Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem. | 7.1 |
| 2008-08-01 | CVE-2008-1376 | Permissions, Privileges, and Access Controls vulnerability in Redhat NFS Utils 1.0.9 A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions. | 7.5 |
| 2008-07-28 | CVE-2008-3323 | Improper Input Validation vulnerability in Redhat Cygwin 1.5.19/1.5.7/1.5.71 setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package. | 7.6 |
| 2008-06-02 | CVE-2008-2359 | Configuration vulnerability in multiple products The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. | 7.2 |
| 2008-05-23 | CVE-2008-1767 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat products Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. | 7.5 |
| 2008-05-14 | CVE-2008-1944 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xensource XEN 3.0/3.0.3 Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages." https://bugzilla.redhat.com/show_bug.cgi?id=443078 "The PVFB backend is a user space program running as root in dom0" | 7.2 |
| 2008-05-12 | CVE-2008-1677 | Classic Buffer Overflow vulnerability in Redhat Directory Server and Fedora Directory Server Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression. | 7.5 |
| 2008-05-08 | CVE-2008-2112 | Privilege Escalation vulnerability in SUN RAY Server Software 4.0 Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig. | 8.5 |