Enterprise Linux Desktop@4.0 Security Vulnerabilities and Issues — Enterprise Linux Desktop@4.0 CVE List

Lucene search

RedhatEnterprise Linux Desktop4.0

11 matches found

CVE•added 2007/03/30 12:19 a.m.•249 views

CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

5CVSS7.2AI score0.13261EPSS

CVE•added 2007/06/27 5:30 p.m.•192 views

CVE-2006-5752

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with bro...

4.3CVSS5.7AI score0.06389EPSS

CVE•added 2007/12/04 12:46 a.m.•100 views

CVE-2007-6206

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information...

2.1CVSS5.2AI score0.00076EPSS

CVE•added 2007/01/30 5:28 p.m.•96 views

CVE-2007-0455

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

7.5CVSS7.2AI score0.03538EPSS

CVE•added 2007/04/06 1:19 a.m.•87 views

CVE-2007-1352

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

3.8CVSS7.6AI score0.01775EPSS

CVE•added 2007/04/06 1:19 a.m.•77 views

CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

8.5CVSS7.7AI score0.07488EPSS

CVE•added 2007/03/06 8:19 p.m.•74 views

CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

7.5CVSS7.3AI score0.09983EPSS

CVE•added 2007/07/15 10:30 p.m.•66 views

CVE-2007-3103

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

6.2CVSS5.9AI score0.00078EPSS

CVE•added 2007/02/20 5:28 p.m.•64 views

CVE-2007-1007

Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.

10CVSS7.4AI score0.12342EPSS

CVE•added 2007/01/30 7:28 p.m.•62 views

CVE-2006-5753

Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.

7.2CVSS5.9AI score0.00081EPSS

CVE•added 2007/12/03 8:46 p.m.•53 views

CVE-2006-7226

Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of ...

4.3CVSS6.1AI score0.01528EPSS