Lucene search
K
RedhatLinux Advanced Workstation

65 matches found

CVE
CVE
added 2004/11/19 5:0 a.m.123 views

CVE-2004-0930

CVE-2004-0930 affects Samba 3.0.4, 3.0.7 (and possibly other versions). The issue is in the ms_fnmatch function, allowing remote authenticated users to cause high CPU denial of service via a SAMBA request containing multiple asterisks (*) in the wildcard pattern. The provided documents confirm th...

5CVSS5.9AI score0.04906EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.108 views

CVE-2004-0889

CVE-2004-0889 involves multiple integer overflows in xpdf 3.0 and in code paths that reuse xpdf (e.g., in CUPS) that can be exploited remotely to crash the service (DoS) and potentially execute arbitrary code. The description confirms a remote impact and the possibility of code execution, tied to...

10CVSS7.3AI score0.06209EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.106 views

CVE-2005-3624

CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...

5CVSS6.3AI score0.02301EPSS
CVE
CVE
added 2005/02/15 5:0 a.m.105 views

CVE-2005-0206

Technical details about CVE-2005-0206 are not provided in the connected documents. Available sources reference related issues (CVE-2004-0888) and patch notes without explicit impact, affected products, or fixes for this CVE.

7.5CVSS6.7AI score0.02986EPSS
CVE
CVE
added 2007/04/06 1:0 a.m.105 views

CVE-2007-1351

CVE-2007-1351 is an integer overflow in the FreeType/bdf loader path: bdfReadCharacters in bdfread.c causes a heap overflow when parsing crafted BDF fonts. Affected products include X.Org libXfont before 20070403 and FreeType 2.3.2 and earlier. Exploitation could lead to remote code execution on ...

8.5CVSS7.7AI score0.05586EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.104 views

CVE-2004-0882

CVE-2004-0882 describes a buffer overflow in Samba 3.0.x through 3.0.7 in the QFILEPATHINFO request handler. The overflow can be triggered by a TRANSACT2_QFILEPATHINFO request with a small maximum data bytes value, potentially allowing a remote attacker to execute arbitrary code on the Samba serv...

10CVSS7.4AI score0.1373EPSS
CVE
CVE
added 2007/04/06 1:0 a.m.104 views

CVE-2007-1352

The CVE-2007-1352 issue is an integer overflow in the FontFileInitTable function of X.Org libXfont before 20070403. The vulnerability allows remote authenticated users to cause a heap overflow by placing a long first line in the fonts.dir file, potentially enabling arbitrary code execution. Affec...

3.8CVSS7.6AI score0.01524EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.101 views

CVE-2004-0803

CVE-2004-0803 affects the libtiff RLE decoders in libtiff 3.6.x and earlier, with buffer overflows and integer overflow issues that could allow a remote attacker to execute arbitrary code by feeding a crafted TIFF file. The connected advisories (RHSA/CESA/CENTA, Slackware/Tenable/NASL entries) in...

7.5CVSS9.8AI score0.08268EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.100 views

CVE-2004-0949

CVE-2004-0949 affects the Samba filesystem smbfs in Linux kernel 2.4/2.6, where smb_recv_trans2 fails to reassemble fragmented packets, allowing a remote attacker via the network to read arbitrary kernel information or to inflate a counter by replaying the first fragment. Public advisories (RHSA,...

6.4CVSS7.2AI score0.02626EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.99 views

CVE-2004-1073

The CVE-2004-1073 entry affects the Linux kernel (2.4.x up to 2.4.27 and 2.6.x up to 2.6.8). It is caused by the open_exec path of the execve functionality (exec.c), where the interpreter (PT_INTERP) handling can allow local users to read non-readable ELF binaries. The description specifies local...

2.1CVSS7AI score0.0081EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.99 views

CVE-2005-3625

CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...

10CVSS6.2AI score0.03855EPSS
CVE
CVE
added 2008/05/23 2:0 p.m.98 views

CVE-2008-1767

CVE-2008-1767: Buffer overflow in libxslt’s pattern.c (versions before 1.1.24) can be triggered by a long XSLT transformation match, leading to a crash or possible arbitrary code execution. Public advisories include Red Hat RHSA-2008:0287, Slackware SSA:2008-210-03, Debian DSA-1589-1, and various...

7.5CVSS7.4AI score0.1279EPSS
CVE
CVE
added 2005/11/16 9:17 p.m.97 views

CVE-2002-2185

The CVE-2002-2185 issue concerns a flaw in IGMP processing in the Linux kernel that could let a local attacker cause a denial of service by sending an IGMP membership report addressed to a target’s Ethernet address rather than the multicast group address. Public advisories (e.g., RHSA-2006:0101 a...

4.9CVSS4.5AI score0.02493EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.97 views

CVE-2005-3626

CVE-2005-3626 affects Xpdf and related components (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The vulnerability arises from a crafted FlateDecode stream that triggers a null dereference, leading to a denial of service (crash). The connected Nessus entry (NEWSTART_CGSL_NS-SA...

5CVSS6.1AI score0.0341EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.96 views

CVE-2004-0883

CVE-2004-0883 concerns multiple vulnerabilities in the Samba filesystem (smbfs) within the Linux kernel (versions 2.4 and 2.6). The description states that remote Samba servers could cause a denial of service (kernel crash) or information disclosure by triggering one of several flawed packet-hand...

6.4CVSS7.6AI score0.04078EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.95 views

CVE-2004-0888

CVE-2004-0888 : Multiple integer overflows in xpdf (v2.0/v3.0) and in code that uses xpdf (e.g., CUPS, gpdf, kdegraphics) allow remote attackers to crash services and possibly execute arbitrary code. Some reports note 64-bit builds can exacerbate the overflow (pdftops/filter path). Remediation is...

10CVSS7.6AI score0.09334EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.94 views

CVE-2004-1072

CVE-2004-1072 describes a vulnerability in the Linux kernel where the binfmt_elf loader (binfmt_elf.c) may create an interpreter name string that is not NULL terminated, allowing strings longer than PATH_MAX to be used. This can cause buffer overflows that may lead to a local denial of service (h...

7.2CVSS7.5AI score0.00558EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.93 views

CVE-2004-0886

CVE-2004-0886 is a libtiff integer overflow issue (v3.6.1 and earlier) that allows a remote attacker to crash or memory-corrupt a target via crafted TIFF images, due to incorrect malloc calls. Multiple advisories (RH/RHSA, CentOS, Slackware, Mandrake) note libtiff-related fixes; updates/patches e...

5CVSS9.1AI score0.05435EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.93 views

CVE-2004-1070

Technical details (affected kernel versions, vulnerable component, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.

7.2CVSS7.3AI score0.00508EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.92 views

CVE-2004-0827

CVE-2004-0827 affects ImageMagick 5.x before 5.4.4 and 6.x before 6.0.6.2, with remote denial of service and potential arbitrary code execution via malformed AVI, BMP, or DIB files. Multiple connected advisories (Ubuntu USN-35-1, Debian DSA 547-1, Red Hat RHSA-2004:480/636, etc.) corroborate buff...

7.5CVSS7.5AI score0.05512EPSS
CVE
CVE
added 2006/12/07 11:0 a.m.92 views

CVE-2006-6235

The CVE-2006-6235 vulnerability is a stack overwrite flaw in GnuPG (gpg) affecting 1.x versions before 1.4.6, 2.x before 2.0.2, and 1.9.0–1.9.95. A crafted OpenPGP packet can cause GnuPG to dereference a function pointer from deallocated stack memory, enabling arbitrary code execution. Multiple a...

10CVSS7AI score0.05713EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.89 views

CVE-2004-0904

CVE-2004-0904 : Integer overflow in the BMP decoder can trigger heap-based buffer overflows, enabling remote code execution. Affected products are Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8. Remediation is to apply fixes/updates released after the...

10CVSS7.7AI score0.08011EPSS
CVE
CVE
added 2005/04/06 4:0 a.m.88 views

CVE-2005-0988

CVE-2005-0988 describes a race condition in gzip prior to 1.3.5 that affects permission handling during decompression. Specifically, when decompressing a file, a local attacker could exploit a hard-link or timing issue to change the permissions of an arbitrary file (or overwrite it) in the target...

3.7CVSS5.9AI score0.00655EPSS
CVE
CVE
added 2003/06/18 4:0 a.m.85 views

CVE-2003-0434

Vulnerability CVE-2003-0434 affects multiple PDF viewers, notably Adobe Acrobat 5.0 and Xpdf 1.01. The issue arises from shell metacharacters in embedded hyperlinks, allowing remote attackers to execute arbitrary commands when a user opens a specially crafted PDF. Impact is described as remote co...

7.5CVSS7.5AI score0.40942EPSS
CVE
CVE
added 2004/09/17 4:0 a.m.83 views

CVE-2004-0817

CVE-2004-0817 describes multiple heap-based buffer overflows in the imlib BMP image handler that allow remote attackers to execute arbitrary code via a crafted BMP file. Connected advisories confirm the affected component is imlib/imlib2 BMP decoding code and reference vendor/security updates (e....

7.5CVSS7.2AI score0.04871EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.82 views

CVE-2004-0802

CVE-2004-0802 affects imlib2’s BMP loader and is caused by a buffer overflow in the BMP loading path. The vulnerability allows remote attackers to execute arbitrary code by delivering a specially crafted BMP image, and it is confined to imlib2 versions before 1.1.2 (distinct from CVE-2004-0817). ...

5.1CVSS7.5AI score0.0343EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.81 views

CVE-2004-0902

The CVE-2004-0902 entry refers to multiple heap-based buffer overflows in Mozilla Firefox and Mozilla suite components (Firefox before the Preview Release, Mozilla before 1.7.3, Thunderbird before 0.8). The issues allow remote attackers to cause an application crash (DoS) or execute arbitrary cod...

10CVSS7.5AI score0.10139EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.81 views

CVE-2004-0903

CVE-2004-0903 describes a stack-based buffer overflow in the writeGroup function of nsVCardObj.cpp, affecting Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8. An attacker could remotely execute arbitrary code by processing malformed VCard attachments d...

10CVSS7.7AI score0.09748EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.81 views

CVE-2004-1068

CVE-2004-1068 involves a missing serialization flaw in the unix_dgram_recvmsg path of Linux kernels 2.4.27 and earlier, and 2.6.x up to 2.6.9. The issue enables local users to potentially gain privileges due to a race condition. The description explicitly states the vulnerability is a local privi...

6.2CVSS7.3AI score0.00388EPSS
CVE
CVE
added 2007/10/11 10:0 a.m.80 views

CVE-2007-5365

CVE-2007-5365 : OpenBSD 4.0–4.2 dhcpd and similar ISC dhcp-2 based implementations suffer a stack-based buffer overflow in cons_options (options.c) that can allow remote attackers to execute code or cause daemon crashes by sending a DHCP request with a max message size smaller than the minimum IP...

7.2CVSS7.8AI score0.80265EPSS
CVE
CVE
added 2005/06/14 4:0 a.m.79 views

CVE-2005-1760

Summary: CVE-2005-1760 affects sysreport up to 1.3.15. When run as root, sysreport includes /etc/sysconfig/rhn/up2date; if a proxy password is configured, that password is written in plaintext in the report, enabling local privilege escalation. Affected software/versions: sysreport 1.3.15 and ear...

7.5CVSS6.6AI score0.01971EPSS
CVE
CVE
added 2006/02/21 7:0 p.m.79 views

CVE-2005-1918

CVE-2005-1918 is a continuation of the GNU tar directory traversal issue. It stems from an incorrect optimization in the backported patch used by Red Hat Enterprise Linux 3 and the 2.1 line, which allowed a crafted tar file (likely using "/../" sequences with a leading "/") to overwrite arbitrary...

2.6CVSS6.2AI score0.02862EPSS
CVE
CVE
added 2003/08/22 4:0 a.m.77 views

CVE-2003-0549

CVE-2003-0549 affects the GNOME Display Manager (GDM) prior to version 2.4.1.6, where the XDMCP feature can be abused to crash the gdm daemon, causing DoS via a short authorization key name. Public records in NVD and vendor advisories describe the issue as stemming from XDMCP handling, with the r...

5CVSS6.4AI score0.01467EPSS
CVE
CVE
added 2005/05/04 4:0 a.m.77 views

CVE-2005-1194

CVE-2005-1194 is a stack-based buffer overflow in nasm up to version 0.98, specifically in ieee_putascii, that could allow arbitrary code execution when processing a crafted assembly file. Multiple vendor advisories (Red Hat RHSA-2005:381; Ubuntu USN-128-1; Debian DSA-623-1; CentOS/CESA-2005:381)...

4.6CVSS7.5AI score0.00507EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.76 views

CVE-2004-1613

CVE-2004-1613 affects Mozilla and related Mozilla-based packages. The issue is a denial-of-service caused by certain HTML constructs (TEXTAREA, INPUT, FRAMESET or IMG) followed by a null character and trailing characters, which can crash the application. Affected releases are addressed in vendor ...

5CVSS6.7AI score0.01653EPSS
CVE
CVE
added 2005/01/29 5:0 a.m.76 views

CVE-2005-0078

CVE-2005-0078 affects KDE screensaver (kscreensaver) prior to KDE 3.0.5. The issue stems from not properly checking the return value of a function call, enabling a local attacker with physical access to cause a crash and potentially take over a locked desktop session. Public sources note upstream...

4.6CVSS6AI score0.00379EPSS
CVE
CVE
added 2004/08/05 4:0 a.m.75 views

CVE-2004-0494

CVE-2004-0494 affects GNOME VFS extfs backend scripts in GNOME VFS prior to 1.0.1, allowing remote attackers to perform unauthorized actions via a gnome-vfs URI. Connected documents confirm affected packages include gnome-vfs, gnome-vfs2 and gnome-vfs2-doc, with vendor advisories: RHSA-2004:373 (...

7.5CVSS6.3AI score0.01625EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.74 views

CVE-2004-1071

The CVE-2004-1071 issue affects the Linux kernel’s binfmt_elf loader (binfmt_elf.c) in kernels 2.4.x up to 2.4.27 and 2.6.x up to 2.6.8. A failed mmap is not handled correctly, leading to an incorrectly mapped image and potential local code execution by unauthorized users. The connected SUSE advi...

7.2CVSS7.4AI score0.00508EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.74 views

CVE-2004-1176

CVE-2004-1176 : A buffer underflow in extfs.c of Midnight Commander (mc) prior to 4.5.56 allows remote attackers to cause a denial of service and possibly execute arbitrary code. Documents consistently describe the issue as a remote vulnerability affecting mc with the buffer underflow in the extf...

7.5CVSS7.1AI score0.03103EPSS
CVE
CVE
added 2004/02/19 5:0 a.m.73 views

CVE-2004-0104

CVE-2004-0104 concerns multiple format string vulnerabilities in Metamail 2.7 and earlier. The connected advisories and OpenVAS entries confirm the flaws reside in the Metamail/MIME handling code and headers, enabling remote attackers to execute arbitrary code with the privileges of the user runn...

7.5CVSS7.2AI score0.2622EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.73 views

CVE-2004-0111

CVE-2004-0111 affects gdk-pixbuf prior to 0.20; processing a malformed BMP can crash the application (denial of service). Debian/Red Hat advisories confirm a fix in newer gdk-pixbuf releases (e.g., RHSA-2004:103 recommends upgrading to a non-vulnerable version such as 0.22). The issue arises in t...

5CVSS6AI score0.02072EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.73 views

CVE-2004-1142

CVE-2004-1142 affects Ethereal versions 0.9.0 through 0.10.7, where a remote attacker can trigger a denial of service (CPU consumption) by sending a malformed SMB packet. The OpenVAS/OSS advisories confirm Ethereal-related fixes and security updates across platforms (e.g., SLES9, Gentoo GLSA GLSA...

5CVSS6.2AI score0.02433EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.73 views

CVE-2004-1145

CVE-2004-1145 affects Konqueror/KDE up to version 3.3.1 where the Java sandbox could be bypassed by JavaScript or Java applets, allowing read/write of arbitrary files. The issue resides in the sandbox restrictions for Java in Konqueror and the FTP kioslave handling in KDE, enabling remote code ex...

5CVSS6.8AI score0.0413EPSS
CVE
CVE
added 2005/03/09 5:0 a.m.73 views

CVE-2005-0699

The CVE-2005-0699 issue affects Ethereal (Wireshark) up to version 0.10.9 and earlier. It arises from multiple buffer overflows in the dissect_a11_radius function of the CDMA A11 dissector (packet-3g-a11.c). This flaw can allow remote attackers to execute arbitrary code by sending crafted RADIUS ...

7.5CVSS7.7AI score0.06453EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.72 views

CVE-2004-1004

CVE-2004-1004 affects Midnight Commander (mc) up to version 4.5.55 with multiple format string vulnerabilities. The provided connected advisories confirm that various distros release patches (e.g., SUSE SLES9 patch 5011441, Gentoo GLSA 200502-24, Debian DSA 639-1) to fix these issues. The CVE ent...

7.5CVSS6.5AI score0.01625EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.72 views

CVE-2004-1005

CVE-2004-1005 refers to multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier. The initial description notes remote attackers could trigger these issues with unknown impact, and connected advisories (e.g., Debian DSA 639-1, Gentoo GLSA 200502-24, SuSE OpenVAS entries) indicate t...

7.5CVSS6.5AI score0.01787EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.71 views

CVE-2002-1323

CVE-2002-1323 concerns Safe.pm (versions <= 2.0.7) used with Perl

4.6CVSS6.2AI score0.00462EPSS
CVE
CVE
added 2004/07/08 4:0 a.m.71 views

CVE-2004-0634

The CVE-2004-0634 issue affects Ethereal (the SMB dissector) with the SMB SID snooping capability, in versions 0.9.15 through 0.10.4. The root cause is a null dereference triggered by a handle without a policy name in SMB processing, allowing a remote attacker to cause a denial of service (proces...

5CVSS6.1AI score0.05275EPSS
CVE
CVE
added 2004/07/08 4:0 a.m.71 views

CVE-2004-0635

CVE-2004-0635 affects Ethereal 0.8.15–0.10.4, where the SNMP dissector is vulnerable. A remote attacker can trigger a denial of service (process crash) via a malformed or missing community string, causing an out-of-bounds read. The description explicitly ties the issue to the SNMP dissector, the ...

5CVSS6.2AI score0.05275EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.71 views

CVE-2004-0905

CVE-2004-0905 affects Mozilla Firefox (before the Preview Release), Mozilla (before 1.7.3), and Thunderbird (before 0.8). The issue enables remote attackers to perform cross-domain scripting and potentially execute arbitrary code by convincing a user to drag and drop javascript: links to a frame ...

4.6CVSS6.8AI score0.03049EPSS
Total number of security vulnerabilities65