Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Subscriptions
Total 14173 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-0374 2 Padl Software, Redhat 3 Pam Ldap, Enterprise Linux, Linux 2024-11-21 N/A
Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.
CVE-2002-0363 2 Aladdin Enterprises, Redhat 3 Ghostscript, Enterprise Linux, Linux 2024-11-21 N/A
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.
CVE-2002-0180 2 Bradford Barrett, Redhat 3 Webalizer, Enterprise Linux, Linux 2024-11-21 N/A
Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname.
CVE-2002-0178 2 Gnu, Redhat 3 Sharutils, Enterprise Linux, Linux 2024-11-21 N/A
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
CVE-2002-0164 2 Caldera, Redhat 4 Openlinux Server, Openlinux Workstation, Enterprise Linux and 1 more 2024-11-21 N/A
Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.
CVE-2002-0036 2 Mit, Redhat 3 Kerberos 5, Enterprise Linux, Linux 2024-11-21 N/A
Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.
CVE-2002-0029 3 Astaro, Isc, Redhat 3 Security Linux, Bind, Enterprise Linux 2024-11-21 N/A
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
CVE-2001-1572 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 N/A
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.
CVE-2001-1494 3 Avaya, Kernel, Redhat 8 Cvlan, Integrated Management Suit, Interactive Response and 5 more 2024-11-21 5.5 Medium
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
CVE-2001-1413 2 Ncompress, Redhat 2 Ncompress, Enterprise Linux 2024-11-21 N/A
Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.
CVE-2001-1409 2 Redhat, Xfree86 Project 3 Enterprise Linux, Linux, Xfree86 X Server 2024-11-21 N/A
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
CVE-2001-1269 2 Info-zip, Redhat 3 Unzip, Enterprise Linux, Linux 2024-11-21 N/A
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
CVE-2001-1268 2 Info-zip, Redhat 3 Unzip, Enterprise Linux, Linux 2024-11-21 N/A
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
CVE-2001-1267 2 Gnu, Redhat 3 Tar, Enterprise Linux, Linux 2024-11-21 N/A
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
CVE-2001-1246 2 Php, Redhat 3 Php, Enterprise Linux, Linux 2024-11-21 N/A
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2000-1191 2 Htdig Project, Redhat 2 Htdig, Enterprise Linux 2024-11-21 N/A
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
CVE-1999-1572 5 Debian, Freebsd, Mandrakesoft and 2 more 6 Debian Linux, Freebsd, Mandrake Linux and 3 more 2024-11-21 N/A
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
CVE-1999-0710 1 Redhat 2 Enterprise Linux, Linux 2024-11-21 N/A
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.
CVE-2024-31449 2 Redhat, Redis 2 Enterprise Linux, Redis 2024-11-19 7 High
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-4134 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2024-11-19 5.5 Medium
A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service.