Lucene search

K
RedhatEnterprise Linux

1688 matches found

CVE
CVE
added 2019/11/25 2:15 p.m.55 views

CVE-2012-5521

quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal

6.5CVSS6.4AI score0.00331EPSS
CVE
CVE
added 2018/10/24 9:29 p.m.55 views

CVE-2016-10730

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the...

7.8CVSS7.5AI score0.00078EPSS
CVE
CVE
added 2024/08/19 2:15 a.m.55 views

CVE-2024-44070

An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.

9.8CVSS6.6AI score0.00286EPSS
CVE
CVE
added 2024/11/12 3:15 a.m.55 views

CVE-2024-49394

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

5.3CVSS5.1AI score0.00042EPSS
CVE
CVE
added 2024/11/12 3:15 a.m.55 views

CVE-2024-49395

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

5.3CVSS5.2AI score0.0005EPSS
CVE
CVE
added 2025/06/09 8:15 p.m.55 views

CVE-2025-5914

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, en...

9.8CVSS8.1AI score0.00039EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.54 views

CVE-2002-1323

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

4.6CVSS6.2AI score0.00082EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.54 views

CVE-2004-1139

Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

5CVSS6.2AI score0.06148EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.54 views

CVE-2005-0077

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

2.1CVSS6AI score0.00074EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.54 views

CVE-2005-1038

crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.

2.1CVSS5.5AI score0.00102EPSS
CVE
CVE
added 2005/12/22 11:3 a.m.54 views

CVE-2005-3631

udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords.

4.6CVSS5.9AI score0.00052EPSS
CVE
CVE
added 2006/07/27 10:4 p.m.54 views

CVE-2006-2933

kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.

4.6CVSS6.4AI score0.00081EPSS
CVE
CVE
added 2007/06/26 6:30 p.m.54 views

CVE-2007-0773

The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.

4.6CVSS7AI score0.0012EPSS
CVE
CVE
added 2007/06/14 7:30 p.m.54 views

CVE-2007-3099

usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss)...

2.1CVSS6.2AI score0.00226EPSS
CVE
CVE
added 2007/09/05 1:17 a.m.54 views

CVE-2007-3849

Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.

1.9CVSS6.3AI score0.0009EPSS
CVE
CVE
added 2007/10/23 10:46 a.m.54 views

CVE-2007-4574

Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors.

4.7CVSS5.6AI score0.00045EPSS
CVE
CVE
added 2007/11/30 2:46 a.m.54 views

CVE-2007-5494

Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.

4.9CVSS5.6AI score0.00043EPSS
CVE
CVE
added 2014/06/11 2:55 p.m.54 views

CVE-2014-0249

The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.

3.3CVSS6.1AI score0.00058EPSS
CVE
CVE
added 2003/08/27 4:0 a.m.53 views

CVE-2003-0548

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.

5CVSS6.5AI score0.00602EPSS
CVE
CVE
added 2003/12/15 5:0 a.m.53 views

CVE-2003-0859

The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

4.9CVSS6AI score0.00054EPSS
CVE
CVE
added 2006/02/27 11:0 p.m.53 views

CVE-2003-0986

Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.

1.7CVSS6.2AI score0.00055EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.53 views

CVE-2004-1071

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

7.2CVSS7.4AI score0.00052EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.53 views

CVE-2004-1090

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

5CVSS6.3AI score0.0106EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.53 views

CVE-2004-1091

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

5CVSS6.2AI score0.0106EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.53 views

CVE-2004-1142

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

5CVSS6.2AI score0.08831EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.53 views

CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

7.5CVSS7.2AI score0.00949EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.53 views

CVE-2005-0091

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls.

7.2CVSS6.4AI score0.00047EPSS
CVE
CVE
added 2005/03/07 5:0 a.m.53 views

CVE-2005-0667

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

5.1CVSS7.6AI score0.0334EPSS
CVE
CVE
added 2005/10/25 5:6 p.m.53 views

CVE-2005-2100

The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).

2.1CVSS7.1AI score0.00058EPSS
CVE
CVE
added 2007/12/03 8:46 p.m.53 views

CVE-2006-7226

Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of ...

4.3CVSS6.1AI score0.01528EPSS
CVE
CVE
added 2008/06/30 9:41 p.m.53 views

CVE-2008-2944

Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CV...

4.9CVSS5.8AI score0.01283EPSS
CVE
CVE
added 2008/11/27 12:30 a.m.53 views

CVE-2008-4313

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.

6CVSS6AI score0.00556EPSS
CVE
CVE
added 2011/02/24 9:0 p.m.53 views

CVE-2011-1011

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit t...

6.9CVSS6.7AI score0.00044EPSS
CVE
CVE
added 2019/11/12 2:15 p.m.53 views

CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

9.8CVSS9.6AI score0.00985EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.53 views

CVE-2013-7347

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user ...

3.7CVSS6.8AI score0.00142EPSS
CVE
CVE
added 2018/04/12 5:29 p.m.53 views

CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with wri...

8.7CVSS6.8AI score0.00408EPSS
CVE
CVE
added 2003/08/27 4:0 a.m.52 views

CVE-2003-0699

The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.

7.5CVSS6.4AI score0.00576EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.52 views

CVE-2004-0634

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

5CVSS6.1AI score0.10554EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.52 views

CVE-2004-0635

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.

5CVSS6.2AI score0.08502EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.52 views

CVE-2004-0946

rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request.

10CVSS7.7AI score0.20844EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.52 views

CVE-2004-1092

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

5CVSS6.3AI score0.00763EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.52 views

CVE-2004-1145

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary fi...

5CVSS6.8AI score0.06715EPSS
CVE
CVE
added 2005/03/09 5:0 a.m.52 views

CVE-2005-0699

Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.

7.5CVSS7.7AI score0.04233EPSS
CVE
CVE
added 2007/03/27 10:19 p.m.52 views

CVE-2007-1716

pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.

3.4CVSS6.3AI score0.00072EPSS
CVE
CVE
added 2013/11/23 11:55 a.m.52 views

CVE-2013-4481

Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."

1.9CVSS5.6AI score0.00033EPSS
CVE
CVE
added 2025/03/03 5:15 p.m.52 views

CVE-2024-45778

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

5.5CVSS4.5AI score0.00012EPSS
CVE
CVE
added 2005/05/18 4:0 a.m.51 views

CVE-2005-0757

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.

2.1CVSS7.1AI score0.00063EPSS
CVE
CVE
added 2010/07/02 12:43 p.m.51 views

CVE-2010-2598

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJP...

4.3CVSS6.2AI score0.00584EPSS
CVE
CVE
added 2019/11/27 4:15 p.m.51 views

CVE-2016-4980

A password generation weakness exists in xquest through 2016-06-13.

2.5CVSS3.8AI score0.00129EPSS
CVE
CVE
added 2006/02/28 1:0 a.m.50 views

CVE-2003-1295

Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."

2.1CVSS6.5AI score0.00065EPSS
Total number of security vulnerabilities1688