Vulnerabilities > Redhat > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-05-08 | CVE-2007-6282 | Configuration vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV. | 7.1 |
2008-04-16 | CVE-2008-0893 | Permissions, Privileges, and Access Controls vulnerability in Redhat Directory Server 8.0 Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions. | 7.5 |
2008-03-06 | CVE-2008-1198 | Unspecified vulnerability in Redhat Enterprise Linux 3.0/4.0/5.0 The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash. network redhat | 7.1 |
2008-02-25 | CVE-2008-0932 | Improper Input Validation vulnerability in the Sword Project Diatheke Front END and Sword diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter. | 7.5 |
2008-02-05 | CVE-2007-4130 | Improper Input Validation vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation. | 7.2 |
2007-11-30 | CVE-2007-6181 | Buffer Errors vulnerability in Redhat Cygwin 1.5.19/1.5.7/1.5.71 Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. | 8.5 |
2007-11-07 | CVE-2007-5116 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. | 7.5 |
2007-11-06 | CVE-2007-4994 | Credentials Management vulnerability in Redhat Certificate Server 7.2 Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL. | 7.5 |
2007-10-11 | CVE-2007-5365 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. | 7.2 |
2007-05-09 | CVE-2007-1864 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. | 7.5 |