Redhat Enterprise Linux Server Aus vulnerabilities

CVE-2012-1823 [CRITICAL] CWE-77 CVE-2012-1823: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (ak sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for

CVE-2011-3045 [HIGH] CVE-2011-3045: Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

CVE-2012-0031 [MEDIUM] CVE-2012-0031: scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

CVE-2011-1776 [MEDIUM] CVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check th The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecti

CVE-2011-3389 [MEDIUM] CWE-326 CVE-2011-3389: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Expl The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA)

CVE-2011-1163 [LOW] CWE-20 CVE-2011-1163: The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properl The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

CVE-2011-0695 [MEDIUM] CWE-362 CVE-2011-0695: Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.

CVE-2011-0711 [LOW] CWE-200 CVE-2011-0711: The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does n The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

CVE-2010-4649 [MEDIUM] CWE-190 CVE-2010-4649: Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Li Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.

CVE-2011-1044 [LOW] CVE-2011-1044: The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2. The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.

CVE-2009-2698 [HIGH] CWE-476 CVE-2009-2698: The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in t The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

CVE-2009-2692 [HIGH] CWE-908 CVE-2009-2692: The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all functio The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, a

CVE-2009-1891 [HIGH] CWE-400 CVE-2009-1891: The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion ev The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

CVE-2009-1890 [HIGH] CWE-400 CVE-2009-1890: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.

CVE-2009-1837 [HIGH] CWE-362 CVE-2009-1837: Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

CVE-2009-0834 [LOW] CVE-2009-0834: The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform doe The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.