Filtered by vendor Redhat
Subscribe
Total
5603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0968 | 2 Gnu, Redhat | 3 Glibc, Enterprise Linux, Enterprise Linux Desktop | 2024-02-28 | 2.1 LOW | N/A |
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2006-2933 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Enterprise Linux Desktop | 2024-02-28 | 4.6 MEDIUM | N/A |
kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop. | |||||
CVE-2005-0472 | 3 Mandrakesoft, Redhat, Rob Flynn | 5 Mandrake Linux, Mandrake Linux Corporate Server, Enterprise Linux and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ. | |||||
CVE-2006-3918 | 4 Apache, Canonical, Debian and 1 more | 5 Http Server, Ubuntu Linux, Debian Linux and 2 more | 2024-02-28 | 4.3 MEDIUM | N/A |
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | |||||
CVE-2004-0886 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | |||||
CVE-2004-1158 | 3 Kde, Mandrakesoft, Redhat | 3 Konqueror, Mandrake Linux, Fedora Core | 2024-02-28 | 7.5 HIGH | N/A |
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | |||||
CVE-2004-0918 | 6 Gentoo, Openpkg, Redhat and 3 more | 6 Linux, Openpkg, Fedora Core and 3 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. | |||||
CVE-2005-1760 | 1 Redhat | 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. | |||||
CVE-2005-1061 | 2 Logwatch, Redhat | 3 Logwatch, Enterprise Linux, Linux Advanced Workstation | 2024-02-28 | 5.0 MEDIUM | N/A |
The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS." | |||||
CVE-2004-1072 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-28 | 7.2 HIGH | N/A |
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code. | |||||
CVE-2004-1154 | 4 Redhat, Samba, Suse and 1 more | 4 Fedora Core, Samba, Suse Linux and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. | |||||
CVE-2004-1268 | 2 Easy Software Products, Redhat | 2 Cups, Fedora Core | 2024-02-28 | 2.1 LOW | N/A |
lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors. | |||||
CVE-2005-0384 | 4 Redhat, Suse, Trustix and 1 more | 4 Enterprise Linux, Suse Linux, Secure Linux and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client. | |||||
CVE-2004-1175 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-02-28 | 7.5 HIGH | N/A |
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. | |||||
CVE-2005-0091 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2024-02-28 | 7.2 HIGH | N/A |
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls. | |||||
CVE-2004-1074 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-28 | 2.1 LOW | N/A |
The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary. | |||||
CVE-2004-0961 | 2 Freeradius, Redhat | 3 Freeradius, Enterprise Linux, Fedora Core | 2024-02-28 | 5.0 MEDIUM | N/A |
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. | |||||
CVE-2005-0085 | 4 Htdig, Mandrakesoft, Redhat and 1 more | 5 Htdig, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. | |||||
CVE-2004-0930 | 5 Conectiva, Gentoo, Redhat and 2 more | 8 Linux, Linux, Enterprise Linux and 5 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. | |||||
CVE-2004-1067 | 3 Carnegie Mellon University, Redhat, Ubuntu | 3 Cyrus Imap Server, Fedora Core, Ubuntu Linux | 2024-02-28 | 10.0 HIGH | N/A |
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username. |