The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of RedHat Linux

Squid: denial of service of SNMP agent
By sending malicious data to the SNMP agent of Squid, a network attacker can stop it...
BID-11385, CERTA-2004-AVI-348, CVE-2004-0918, DSA-576, DSA-576-1, FEDORA-2004-338, FEDORA-2008-6045, FLSA-2006:152809, MDKSA-2004:112, RHSA-2004:591, SQUID-2004:3, SQUID-2008:1, SUSE-SR:2008:014, V6-SQUIDSNMPASN1PARSEDOS, VIGILANCE-VUL-4436
PHP: several vulnerabilities
An attacker can use several vulnerabilities of PHP in order to conduct a denial of service, to read a file, or to generate a Cross Site Scripting...
10310, 20060501-01-U, 20060701-01-U, BID-17439, BID-22766, CERTA-2006-AVI-171, CVE-2006-0996, CVE-2006-1494, CVE-2006-1549, CVE-2006-1608, CVE-2007-1325, FEDORA-2006-289, FLSA-2006:175040, MDKSA-2006:074, MDKSA-2007:199, MOPB-02-2007, PMASA-2007-3, RHSA-2006:027, RHSA-2006:0276-01, RHSA-2006:050, RHSA-2006:0501-02, RHSA-2006:056, RHSA-2006:0567-01, RHSA-2006:0568-01, SSA:2006-217-01, SSA:2008-045-03, SUSE-SA:2006:024, TLSA-2006-17, VIGILANCE-VUL-5751
Sendmail: denial of service via a MIME message
An attacker can create an email containing deeply nested MIME in order to exhaust memory space of process...
102460, 20060601-01-P, 20060602-01-U, 373801, 380258, 6424201, BID-18433, c00680632, c00692635, CERTA-2006-AVI-246, CERTA-2006-AVI-336, CVE-2006-1173, DSA-1155-1, DSA-1155-2, DUXKIT1000636-V40FB22-ES-20060519, FEDORA-2006-836, FEDORA-2006-837, FLSA-2006:195418, FreeBSD-SA-06:17.sendmail, HPSBTU02116, HPSBUX02124, MDKSA-2006:104, NetBSD-SA2006-017, RHSA-2006:051, RHSA-2006:0515-01, SA-200605-01, SSA:2006-166-01, SSRT061135, SSRT061159, SUSE-SA:2006:032, T64V51AB-IX-631-SENDMAIL-SSRT-061135, TLSA-2006-9, VIGILANCE-VUL-5924, VU#146718
PHP: several vulnerabilities
Several vulnerabilities permit a PHP author to corrupt memory or to conduct denial of services...
20060701-01-U, CVE-2006-1990, CVE-2006-1991, CVE-2006-7205, FLSA-2006:175040, INFIGO-2006-04-02, MDKSA-2006:091, MDKSA-2006:122, RHSA-2006:050, RHSA-2006:0501-02, RHSA-2006:056, RHSA-2006:0568-01, SSA:2006-217-01, SUSE-SA:2006:031, SUSE-SA:2006:034, TLSA-2006-38, VIGILANCE-VUL-5792
Thunderbird 1.0: several vulnerabilities
Several vulnerabilities were announced in Thunderbird 1.0, the worst one leading to code execution...
102550, 20060404-01-U, 228526, 6424579, c00672120, c00679472, CERTA-2002-AVI-144, CERTA-2006-AVI-156, CVE-2006-0292, CVE-2006-0293, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-1538, CVE-2006-1727, CVE-2006-1728, CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1737, CVE-2006-1739, CVE-2006-1742, DSA-1046-1, DSA-1051-1, FEDORA-2006-486, FEDORA-2006-487, FEDORA-2006-488, FEDORA-2006-489, FEDORA-2006-490, FEDORA-2006-491, FEDORA-2006-492, FEDORA-2006-493, FEDORA-2006-494, FEDORA-2006-495, FLSA:189137-1, FLSA:189672, FLSA-2006:189137-1, FLSA-2006:189672, HPSBTU02118, HPSBUX02122, MDKSA-2006:076, MDKSA-2006:078, MFSA2006-01, MFSA2006-05, MFSA2006-10, MFSA2006-11, MFSA2006-14, MFSA2006-15, MFSA2006-16, MFSA2006-17, MFSA2006-18, MFSA2006-19, MFSA2006-22, MFSA2006-24, MFSA2006-25, MFSA2006-27, RHSA-2006:032, RHSA-2006:0329-01, RHSA-2006:033, RHSA-2006:0330-01, SSA:2006-114-01, SSRT061145, SSRT061158, SUSE-SA:2006:022, VIGILANCE-VUL-5775, ZDI-06-009, ZDI-06-010, ZDI-06-011
Firefox 1.0: several vulnerabilities
Several vulnerabilities were announced in Firefox, the worst one leading to code execution...
102550, 20060404-01-U, 228526, 6424579, BID-17516, c00672120, c00679472, CERTA-2002-AVI-144, CERTA-2006-AVI-156, CVE-2006-0292, CVE-2006-0293, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1736, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, DSA-1044-1, DSA-1046-1, FEDORA-2006-410, FEDORA-2006-486, FEDORA-2006-487, FEDORA-2006-488, FEDORA-2006-489, FEDORA-2006-490, FEDORA-2006-491, FEDORA-2006-492, FEDORA-2006-493, FEDORA-2006-494, FEDORA-2006-495, FLSA:189137-1, FLSA:189137-2, FLSA-2006:189137-1, FLSA-2006:189137-2, HPSBTU02118, HPSBUX02122, MDKSA-2006:075, MDKSA-2006:076, MFSA2006-01, MFSA2006-03, MFSA2006-05, MFSA2006-09, MFSA2006-10, MFSA2006-11, MFSA2006-12, MFSA2006-13, MFSA2006-14, MFSA2006-15, MFSA2006-16, MFSA2006-17, MFSA2006-18, MFSA2006-19, MFSA2006-22, MFSA2006-23, MFSA2006-24, MFSA2006-25, MFSA2006-27, RHSA-2006:032, RHSA-2006:0328-01, RHSA-2006:0329-01, SSA:2006-114-01, SSRT061145, SSRT061158, SUSE-SA:2006:021, VIGILANCE-VUL-5771, ZDI-06-009, ZDI-06-010, ZDI-06-011
PHP: memory reading with html_entity_decode
An attacker can obtain a memory fragment from server using a script containing html_entity_decode()...
10310, 20060501-01-U, BID-17296, CERTA-2006-AVI-134, CERTA-2006-AVI-517, CVE-2006-1490, FLSA-2006:175040, MDKSA-2006:063, RHSA-2006:027, RHSA-2006:0276-01, SUSE-SA:2006:024, VIGILANCE-VUL-5727
Sendmail: code execution via signals
An attacker can connect to a server to generate a race condition in asynchronous signals, and that could lead to code execution...
102262, 200494, 20060302-01-P, 20060401-01-U, 6397275, 6403051, BID-17192, BID-17207, c00692635, CERTA-2002-AVI-006, CERTA-2006-AVI-124, CVE-2006-0058, DSA-1015-1, DUXKIT1000636-V40FB22-ES-20060519, emr_na-c00629555-7, FEDORA-2006-193, FEDORA-2006-194, FLSA-2006:186277, FreeBSD-SA-06:13.sendmail, HPSBTU02116, HPSBUX02108, IY82992, IY82993, IY82994, MDKSA-2006:058, NetBSD-SA2006-010, RHSA-2006:026, RHSA-2006:0264-01, RHSA-2006:0265-01, SSA:2006-081-01, SSRT061133, SSRT061135, SUSE-SA:2006:017, T64V51AB-IX-631-SENDMAIL-SSRT-061135, TLSA-2006-5, VIGILANCE-VUL-5710, VU#834865
GnuPG: injection of unsigned data
An attacker can for example insert data before the signed data, but GnuPG does not detect the change...
20060401-01-U, BID-17058, CERTA-2006-AVI-103, CVE-2006-0049, DSA-993-1, DSA-993-2, FEDORA-2006-147, FLSA:185355, FLSA-2006:185355, MDKSA-2006:055, RHSA-2006:026, RHSA-2006:0266-01, SSA:2006-072-02, SUSE-SA:2006:014, VIGILANCE-VUL-5679
SquirrelMail: several vulnerabilities
Three vulnerabilities of SquirrelMail permit an attacker to conduct a Cross Site Scripting attack or to inject IMAP commands...
10310, 20060501-01-U, BID-16756, CERTA-2006-AVI-095, CVE-2006-0188, CVE-2006-0195, CVE-2006-0377, DSA-988-1, FEDORA-2006-133, FEDORA-2006-134, FLSA:190884, FLSA-2006:190884, MDKSA-2006:049, RHSA-2006:028, RHSA-2006:0283-01, SNS Advisory No.86, SUSE-SR:2006:005, VIGILANCE-VUL-5638
Our database contains other pages. You can request a free trial to read them.