Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
14173 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2002-0374 | 2 Padl Software, Redhat | 3 Pam Ldap, Enterprise Linux, Linux | 2024-11-21 | N/A |
Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name. | ||||
CVE-2002-0363 | 2 Aladdin Enterprises, Redhat | 3 Ghostscript, Enterprise Linux, Linux | 2024-11-21 | N/A |
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. | ||||
CVE-2002-0180 | 2 Bradford Barrett, Redhat | 3 Webalizer, Enterprise Linux, Linux | 2024-11-21 | N/A |
Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname. | ||||
CVE-2002-0178 | 2 Gnu, Redhat | 3 Sharutils, Enterprise Linux, Linux | 2024-11-21 | N/A |
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. | ||||
CVE-2002-0164 | 2 Caldera, Redhat | 4 Openlinux Server, Openlinux Workstation, Enterprise Linux and 1 more | 2024-11-21 | N/A |
Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges. | ||||
CVE-2002-0036 | 2 Mit, Redhat | 3 Kerberos 5, Enterprise Linux, Linux | 2024-11-21 | N/A |
Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. | ||||
CVE-2002-0029 | 3 Astaro, Isc, Redhat | 3 Security Linux, Bind, Enterprise Linux | 2024-11-21 | N/A |
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. | ||||
CVE-2001-1572 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets. | ||||
CVE-2001-1494 | 3 Avaya, Kernel, Redhat | 8 Cvlan, Integrated Management Suit, Interactive Response and 5 more | 2024-11-21 | 5.5 Medium |
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. | ||||
CVE-2001-1413 | 2 Ncompress, Redhat | 2 Ncompress, Enterprise Linux | 2024-11-21 | N/A |
Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument. | ||||
CVE-2001-1409 | 2 Redhat, Xfree86 Project | 3 Enterprise Linux, Linux, Xfree86 X Server | 2024-11-21 | N/A |
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system. | ||||
CVE-2001-1269 | 2 Info-zip, Redhat | 3 Unzip, Enterprise Linux, Linux | 2024-11-21 | N/A |
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. | ||||
CVE-2001-1268 | 2 Info-zip, Redhat | 3 Unzip, Enterprise Linux, Linux | 2024-11-21 | N/A |
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. | ||||
CVE-2001-1267 | 2 Gnu, Redhat | 3 Tar, Enterprise Linux, Linux | 2024-11-21 | N/A |
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). | ||||
CVE-2001-1246 | 2 Php, Redhat | 3 Php, Enterprise Linux, Linux | 2024-11-21 | N/A |
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. | ||||
CVE-2000-1191 | 2 Htdig Project, Redhat | 2 Htdig, Enterprise Linux | 2024-11-21 | N/A |
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path. | ||||
CVE-1999-1572 | 5 Debian, Freebsd, Mandrakesoft and 2 more | 6 Debian Linux, Freebsd, Mandrake Linux and 3 more | 2024-11-21 | N/A |
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. | ||||
CVE-1999-0710 | 1 Redhat | 2 Enterprise Linux, Linux | 2024-11-21 | N/A |
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. | ||||
CVE-2024-31449 | 2 Redhat, Redis | 2 Enterprise Linux, Redis | 2024-11-19 | 7 High |
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2023-4134 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-19 | 5.5 Medium |
A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service. |