CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3751 CVE-2004-0497 2004-12-06 2017-10-11
2.1
None Local Low Not required None Partial None
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
3752 CVE-2004-0495 +Priv 2004-08-06 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
3753 CVE-2004-0494 2004-11-23 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.
3754 CVE-2004-0491 2004-12-31 2017-10-11
2.1
None Local Low Not required None Partial None
The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
3755 CVE-2004-0461 DoS Exec Code Overflow 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.
3756 CVE-2004-0460 DoS Exec Code Overflow 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
3757 CVE-2004-0421 DoS 2004-08-18 2017-10-11
5.0
None Remote Low Not required None None Partial
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
3758 CVE-2004-0415 2004-11-23 2017-10-11
2.1
None Local Low Not required Partial None None
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
3759 CVE-2004-0235 Dir. Trav. 2004-08-18 2017-10-11
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
3760 CVE-2004-0234 119 Exec Code Overflow 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
3761 CVE-2004-0112 DoS 2004-11-23 2021-11-08
5.0
None Remote Low Not required None None Partial
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
3762 CVE-2004-0111 DoS 2004-04-15 2017-10-10
5.0
None Remote Low Not required None None Partial
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
3763 CVE-2004-0108 2004-04-15 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
3764 CVE-2004-0107 2004-04-15 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
3765 CVE-2004-0105 Exec Code Overflow 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
3766 CVE-2004-0104 Exec Code 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
3767 CVE-2004-0081 DoS 2004-11-23 2021-11-08
5.0
None Remote Low Not required None None Partial
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
3768 CVE-2004-0079 DoS 2004-11-23 2021-11-08
5.0
None Remote Low Not required None None Partial
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
3769 CVE-2004-0077 +Priv 2004-03-03 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
3770 CVE-2003-1295 2003-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."
3771 CVE-2003-1138 2003-10-27 2008-09-05
5.0
None Remote Low Not required Partial None None
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
3772 CVE-2003-0989 DoS 2004-02-17 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
3773 CVE-2003-0986 DoS 2003-12-31 2017-10-11
1.7
None Local Low ??? None None Partial
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
3774 CVE-2003-0962 Exec Code Overflow 2003-12-15 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
3775 CVE-2003-0859 DoS 2003-12-15 2017-10-11
4.9
None Local Low Not required None None Complete
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
3776 CVE-2003-0857 264 DoS 2003-12-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
3777 CVE-2003-0700 2004-02-17 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699.
3778 CVE-2003-0699 2003-08-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.
3779 CVE-2003-0689 DoS Exec Code Overflow 2003-10-20 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.
3780 CVE-2003-0688 DoS 2003-10-20 2018-05-03
5.0
None Remote Low Not required None None Partial
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.
3781 CVE-2003-0686 Exec Code Overflow 2003-10-20 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.
3782 CVE-2003-0552 2003-08-27 2017-10-11
5.0
None Remote Low Not required None Partial None
Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target.
3783 CVE-2003-0551 DoS 2003-08-27 2017-10-11
5.0
None Remote Low Not required None None Partial
The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.
3784 CVE-2003-0550 2003-08-27 2017-10-11
5.0
None Remote Low Not required None Partial None
The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.
3785 CVE-2003-0549 DoS 2003-08-27 2017-10-11
5.0
None Remote Low Not required None None Partial
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
3786 CVE-2003-0548 DoS 2003-08-27 2017-10-11
5.0
None Remote Low Not required None None Partial
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
3787 CVE-2003-0547 2003-08-27 2017-10-11
2.1
None Local Low Not required Partial None None
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
3788 CVE-2003-0546 2003-08-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
3789 CVE-2003-0539 2003-08-18 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files.
3790 CVE-2003-0466 Exec Code Overflow 2003-08-27 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
3791 CVE-2003-0464 2003-08-27 2018-05-03
4.6
None Local Low Not required Partial Partial Partial
The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd.
3792 CVE-2003-0461 +Info 2003-08-27 2017-10-11
2.1
None Local Low Not required Partial None None
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
3793 CVE-2003-0459 2003-08-27 2017-10-11
5.0
None Remote Low Not required Partial None None
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
3794 CVE-2003-0442 XSS 2003-07-24 2018-05-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
3795 CVE-2003-0434 Exec Code 2003-07-24 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
3796 CVE-2003-0370 2003-06-16 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
3797 CVE-2003-0364 DoS 2003-06-16 2017-10-11
5.0
None Remote Low Not required None None Partial
The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.
3798 CVE-2003-0354 Exec Code 2003-06-16 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.
3799 CVE-2003-0248 2003-06-16 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.
3800 CVE-2003-0247 DoS 2003-06-16 2017-10-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").
Total number of vulnerabilities : 3974   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 (This Page)77 78 79 80
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.