Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Server
Total 1910 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5752 4 Apache, Canonical, Fedoraproject and 1 more 7 Http Server, Ubuntu Linux, Fedora and 4 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
CVE-2006-5170 3 Debian, Fedoraproject, Redhat 8 Debian Linux, Fedora Core, Enterprise Linux and 5 more 2024-11-21 7.5 HIGH N/A
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
CVE-2006-5158 3 Canonical, Linux, Redhat 6 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 3 more 2024-11-21 3.3 LOW 7.5 HIGH
The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.
CVE-2006-3918 4 Apache, Canonical, Debian and 1 more 5 Http Server, Ubuntu Linux, Debian Linux and 2 more 2024-11-21 4.3 MEDIUM N/A
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
CVE-2005-2970 4 Apache, Canonical, Fedoraproject and 1 more 6 Http Server, Ubuntu Linux, Fedora Core and 3 more 2024-11-21 5.0 MEDIUM N/A
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
CVE-2005-1268 3 Apache, Debian, Redhat 5 Http Server, Debian Linux, Enterprise Linux Desktop and 2 more 2024-11-20 5.0 MEDIUM N/A
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
CVE-2004-0643 3 Debian, Mit, Redhat 5 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 2 more 2024-11-20 4.6 MEDIUM N/A
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
CVE-2004-0642 3 Debian, Mit, Redhat 5 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 2 more 2024-11-20 7.5 HIGH N/A
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
CVE-2004-0488 3 Apache, Debian, Redhat 4 Http Server, Debian Linux, Enterprise Linux Server and 1 more 2024-11-20 7.5 HIGH N/A
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
CVE-2002-2443 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-20 5.0 MEDIUM N/A
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.