Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Filtered by product Fedora Core
Total 82 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0918 6 Gentoo, Openpkg, Redhat and 3 more 6 Linux, Openpkg, Fedora Core and 3 more 2017-10-10 5.0 MEDIUM N/A
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
CVE-2004-1158 3 Kde, Mandrakesoft, Redhat 3 Konqueror, Mandrake Linux, Fedora Core 2017-10-10 7.5 HIGH N/A
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
CVE-2004-0234 8 Clearswift, F-secure, Rarlab and 5 more 13 Mailsweeper, F-secure Anti-virus, F-secure For Firewalls and 10 more 2017-10-10 10.0 HIGH N/A
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
CVE-2004-0235 8 Clearswift, F-secure, Rarlab and 5 more 13 Mailsweeper, F-secure Anti-virus, F-secure For Firewalls and 10 more 2017-10-10 6.4 MEDIUM N/A
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
CVE-2004-0961 2 Freeradius, Redhat 3 Freeradius, Enterprise Linux, Fedora Core 2017-10-10 5.0 MEDIUM N/A
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.
CVE-2004-0557 4 Conectiva, Gentoo, Redhat and 1 more 6 Linux, Linux, Enterprise Linux and 3 more 2017-10-10 10.0 HIGH N/A
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
CVE-2004-0587 3 Mandrakesoft, Redhat, Suse 4 Mandrake Linux, Mandrake Linux Corporate Server, Fedora Core and 1 more 2017-10-10 2.1 LOW N/A
Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
CVE-2004-0619 1 Redhat 3 Fedora Core, Kernel, Linux 2017-10-10 7.2 HIGH N/A
Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.
CVE-2004-0803 9 Apple, Kde, Libtiff and 6 more 13 Mac Os X, Mac Os X Server, Kde and 10 more 2017-10-10 7.5 HIGH N/A
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
CVE-2004-0827 9 Conectiva, Enlightenment, Imagemagick and 6 more 14 Linux, Imlib, Imlib2 and 11 more 2017-10-10 7.5 HIGH N/A
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
CVE-2004-0883 5 Linux, Redhat, Suse and 2 more 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more 2017-10-10 6.4 MEDIUM N/A
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.
CVE-2004-0914 6 Gentoo, Lesstif, Redhat and 3 more 6 Linux, Lesstif, Fedora Core and 3 more 2017-10-10 10.0 HIGH N/A
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
CVE-2004-0930 5 Conectiva, Gentoo, Redhat and 2 more 8 Linux, Linux, Enterprise Linux and 5 more 2017-10-10 5.0 MEDIUM N/A
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
CVE-2004-0949 5 Linux, Redhat, Suse and 2 more 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more 2017-10-10 6.4 MEDIUM N/A
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.
CVE-2004-0960 2 Freeradius, Redhat 3 Freeradius, Enterprise Linux, Fedora Core 2017-10-10 5.0 MEDIUM N/A
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
CVE-2004-0989 5 Redhat, Trustix, Ubuntu and 2 more 6 Fedora Core, Secure Linux, Ubuntu Linux and 3 more 2017-10-10 10.0 HIGH N/A
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
CVE-2005-0085 4 Htdig, Mandrakesoft, Redhat and 1 more 5 Htdig, Mandrake Linux, Mandrake Linux Corporate Server and 2 more 2017-10-10 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
CVE-2005-0206 15 Ascii, Cstex, Debian and 12 more 22 Ptex, Cstetex, Debian Linux and 19 more 2017-10-10 7.5 HIGH N/A
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
CVE-2007-2030 1 Redhat 2 Enterprise Linux, Fedora Core 2017-07-28 4.9 MEDIUM N/A
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
CVE-2006-5701 2 Linux, Redhat 2 Linux Kernel, Fedora Core 2017-07-19 4.9 MEDIUM N/A
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.