Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2012-06-05 CVE-2012-1798 Out-of-bounds Read vulnerability in multiple products
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
network
low complexity
imagemagick debian redhat opensuse CWE-125
6.5
2012-06-05 CVE-2012-0260 Resource Exhaustion vulnerability in multiple products
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
6.5
2012-06-05 CVE-2012-0248 Infinite Loop vulnerability in multiple products
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
local
low complexity
imagemagick debian canonical redhat CWE-835
5.5
2012-05-24 CVE-2011-3363 Improper Input Validation vulnerability in multiple products
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
low complexity
linux redhat CWE-20
6.5
2012-05-17 CVE-2012-1090 Improper Input Validation vulnerability in multiple products
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
local
low complexity
linux redhat suse CWE-20
5.5
2012-05-17 CVE-2011-4097 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory.
local
low complexity
linux redhat CWE-190
5.5
2012-05-17 CVE-2011-3637 NULL Pointer Dereference vulnerability in multiple products
The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.
local
low complexity
linux redhat CWE-476
5.5
2011-09-06 CVE-2011-1776 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.
low complexity
linux redhat CWE-119
6.1
2010-06-22 CVE-2010-1637 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
network
low complexity
squirrelmail fedoraproject apple redhat CWE-918
6.5
2010-04-28 CVE-2010-0738 Unspecified vulnerability in Redhat Jboss Enterprise Application Platform 4.2.0/4.3.0
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
network
low complexity
redhat
5.3