Filtered by vendor Redhat
Subscribe
Total
5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0893 | 1 Redhat | 1 Directory Server | 2017-08-07 | 7.5 HIGH | N/A |
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions. | |||||
CVE-2008-0890 | 1 Redhat | 1 Directory Server | 2017-08-07 | 4.6 MEDIUM | N/A |
Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors. | |||||
CVE-2008-0073 | 2 Redhat, Xine | 2 Fedora, Xine-lib | 2017-08-07 | 6.8 MEDIUM | N/A |
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. | |||||
CVE-2008-0709 | 4 Hp, Microsoft, Redhat and 1 more | 6 Hp-ux, Select Identity, Windows 2003 Server and 3 more | 2017-08-07 | 5.5 MEDIUM | N/A |
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214. | |||||
CVE-2015-3198 | 1 Redhat | 1 Jboss Wildfly Application Server | 2017-08-07 | 5.0 MEDIUM | 7.5 HIGH |
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL. | |||||
CVE-2008-0008 | 3 Mandrakesoft, Pulseaudio, Redhat | 3 Mandrake Linux, Pulseaudio, Fedora | 2017-07-28 | 7.2 HIGH | N/A |
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. | |||||
CVE-2007-5079 | 1 Redhat | 1 Linux | 2017-07-28 | 6.0 MEDIUM | N/A |
Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions. | |||||
CVE-2007-3373 | 1 Redhat | 1 Cluster Suite | 2017-07-28 | 5.0 MEDIUM | N/A |
daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests. | |||||
CVE-2007-2030 | 1 Redhat | 2 Enterprise Linux, Fedora Core | 2017-07-28 | 4.9 MEDIUM | N/A |
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. | |||||
CVE-2016-7796 | 3 Novell, Redhat, Systemd Project | 9 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Server For Sap and 6 more | 2017-07-27 | 4.9 MEDIUM | 5.5 MEDIUM |
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. | |||||
CVE-2006-5701 | 2 Linux, Redhat | 2 Linux Kernel, Fedora Core | 2017-07-19 | 4.9 MEDIUM | N/A |
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem. | |||||
CVE-2006-0451 | 1 Redhat | 1 Fedora Core | 2017-07-19 | 5.0 MEDIUM | N/A |
Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite. | |||||
CVE-2006-0452 | 1 Redhat | 1 Fedora Core | 2017-07-19 | 5.0 MEDIUM | N/A |
dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of "," (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite. | |||||
CVE-2006-0453 | 1 Redhat | 1 Fedora Core | 2017-07-19 | 7.8 HIGH | N/A |
The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite. | |||||
CVE-2004-1175 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-18 | 7.5 HIGH | N/A |
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. | |||||
CVE-2005-0373 | 6 Apple, Conectiva, Cyrus and 3 more | 8 Mac Os X, Mac Os X Server, Linux and 5 more | 2017-07-10 | 7.5 HIGH | N/A |
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. | |||||
CVE-2004-0460 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2017-07-10 | 10.0 HIGH | N/A |
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. | |||||
CVE-2004-1067 | 3 Carnegie Mellon University, Redhat, Ubuntu | 3 Cyrus Imap Server, Fedora Core, Ubuntu Linux | 2017-07-10 | 10.0 HIGH | N/A |
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username. | |||||
CVE-2004-0974 | 3 Mandrakesoft, Netatalk, Redhat | 4 Mandrake Linux, Mandrake Linux Corporate Server, Open Source Apple File Share Protocol Suite and 1 more | 2017-07-10 | 2.1 LOW | N/A |
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2004-0802 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2017-07-10 | 5.1 MEDIUM | N/A |
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. |