Lucene search

RedhatLinux

229 matches found

added 2000/04/27 4:0 a.m. | 50 views

CVE-1999-0706

Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.

7.5 CVSS | 7 AI score | 0.00862 EPSS

added 2000/01/04 5:0 a.m. | 50 views

CVE-1999-0868

ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.

7.2 CVSS | 8.2 AI score | 0.00168 EPSS

added 2001/05/07 4:0 a.m. | 50 views

CVE-2000-0315

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

5 CVSS | 6.6 AI score | 0.00439 EPSS

added 2001/06/27 4:0 a.m. | 50 views

CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

7.5 CVSS | 7.8 AI score | 0.01437 EPSS

added 2003/04/02 5:0 a.m. | 50 views

CVE-2002-0506

Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt.

7.2 CVSS | 8.2 AI score | 0.00228 EPSS

added 1999/09/29 4:0 a.m. | 49 views

CVE-1999-0130

Local users can start Sendmail in daemon mode and gain root privileges.

7.2 CVSS | 7 AI score | 0.00886 EPSS

added 2000/07/12 4:0 a.m. | 49 views

CVE-2000-0336

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

2.1 CVSS | 6.4 AI score | 0.00042 EPSS

added 2000/07/12 4:0 a.m. | 49 views

CVE-2000-0389

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

10 CVSS | 7.3 AI score | 0.11008 EPSS

added 2000/07/12 4:0 a.m. | 49 views

CVE-2000-0390

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

10 CVSS | 7.6 AI score | 0.08485 EPSS

added 2000/07/19 4:0 a.m. | 49 views

CVE-2000-0606

Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

7.2 CVSS | 7.2 AI score | 0.00063 EPSS

added 2005/04/21 4:0 a.m. | 49 views

CVE-2000-1220

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.

10 CVSS | 7.1 AI score | 0.0313 EPSS

added 2001/09/18 4:0 a.m. | 49 views

CVE-2001-0473

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

7.5 CVSS | 7.3 AI score | 0.00811 EPSS

added 2002/03/09 5:0 a.m. | 49 views

CVE-2001-0641

Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.

4.6 CVSS | 7.5 AI score | 0.00253 EPSS

added 2002/06/25 4:0 a.m. | 49 views

CVE-2002-0002

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

7.5 CVSS | 7.4 AI score | 0.14916 EPSS

added 2002/06/25 4:0 a.m. | 49 views

CVE-2002-0045

slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.

7.5 CVSS | 6.3 AI score | 0.03236 EPSS

added 2004/09/01 4:0 a.m. | 49 views

CVE-2002-0836

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

7.5 CVSS | 7.4 AI score | 0.12437 EPSS

added 2004/09/01 4:0 a.m. | 49 views

CVE-2002-1232

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

5 CVSS | 6.3 AI score | 0.04451 EPSS

added 2000/01/04 5:0 a.m. | 48 views

CVE-1999-0894

Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.

10 CVSS | 6.8 AI score | 0.00409 EPSS

added 2000/04/10 4:0 a.m. | 48 views

CVE-2000-0196

Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.

7.5 CVSS | 7.9 AI score | 0.01316 EPSS

added 2000/10/13 4:0 a.m. | 48 views

CVE-2000-0263

The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.

2.1 CVSS | 6.8 AI score | 0.00479 EPSS

added 2000/10/20 4:0 a.m. | 48 views

CVE-2000-0701

The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.

4.6 CVSS | 7 AI score | 0.00069 EPSS

added 2001/05/07 4:0 a.m. | 48 views

CVE-2001-0128

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

7.2 CVSS | 6.6 AI score | 0.00055 EPSS

added 2001/05/07 4:0 a.m. | 48 views

CVE-2001-0139

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

1.2 CVSS | 6.3 AI score | 0.00076 EPSS

added 2003/06/16 4:0 a.m. | 48 views

CVE-2002-1155

Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument.

7.2 CVSS | 7.5 AI score | 0.00128 EPSS

added 1999/09/29 4:0 a.m. | 47 views

CVE-1999-0037

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

7.5 CVSS | 7.5 AI score | 0.00777 EPSS

added 1999/09/29 4:0 a.m. | 47 views

CVE-1999-0192

Buffer overflow in telnet daemon tgetent routine allows remote attackers to gain root access via the TERMCAP environmental variable.

10 CVSS | 8.1 AI score | 0.0666 EPSS

added 2000/03/22 5:0 a.m. | 47 views

CVE-1999-0390

Buffer overflow in Dosemu Slang library in Linux.

7.2 CVSS | 7.3 AI score | 0.00071 EPSS

added 2001/09/12 4:0 a.m. | 47 views

CVE-1999-1496

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

2.1 CVSS | 7 AI score | 0.00089 EPSS

added 2000/07/12 4:0 a.m. | 47 views

CVE-2000-0531

Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.

2.1 CVSS | 6.6 AI score | 0.00179 EPSS

added 2001/05/07 4:0 a.m. | 47 views

CVE-2001-0138

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

1.2 CVSS | 6.3 AI score | 0.00076 EPSS

added 2001/09/18 4:0 a.m. | 47 views

CVE-2001-0439

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

7.5 CVSS | 7.7 AI score | 0.01079 EPSS

added 2002/03/09 5:0 a.m. | 47 views

CVE-2001-0635

Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords.

4.6 CVSS | 6.5 AI score | 0.0005 EPSS

added 2017/12/11 5:29 p.m. | 47 views

CVE-2014-3250

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.

6.5 CVSS | 6.1 AI score | 0.00259 EPSS

added 2000/01/04 5:0 a.m. | 46 views

CVE-1999-0804

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

5 CVSS | 7 AI score | 0.03718 EPSS

added 2002/03/09 5:0 a.m. | 46 views

CVE-1999-1331

netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.

2.1 CVSS | 6.6 AI score | 0.00173 EPSS

added 2000/07/12 4:0 a.m. | 46 views

CVE-2000-0391

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

10 CVSS | 7.6 AI score | 0.08485 EPSS

added 2001/05/07 4:0 a.m. | 46 views

CVE-2001-0233

Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

10 CVSS | 7.8 AI score | 0.14821 EPSS

added 2003/04/02 5:0 a.m. | 46 views

CVE-2001-1374

expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.

7.2 CVSS | 6.6 AI score | 0.00053 EPSS

added 2003/04/02 5:0 a.m. | 46 views

CVE-2001-1383

initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.

6.2 CVSS | 6.7 AI score | 0.0005 EPSS

added 2004/09/01 4:0 a.m. | 46 views

CVE-2002-1160

The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.

7.2 CVSS | 6.5 AI score | 0.00066 EPSS

added 2007/09/17 5:17 p.m. | 46 views

CVE-2007-3379

Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.

2.1 CVSS | 6.1 AI score | 0.00057 EPSS

added 2000/01/04 5:0 a.m. | 45 views

CVE-1999-0814

Red Hat pump DHCP client allows remote attackers to gain root access in some configurations.

10 CVSS | 7.3 AI score | 0.00939 EPSS

added 2002/03/09 5:0 a.m. | 45 views

CVE-1999-1330

The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.

4.6 CVSS | 7 AI score | 0.00097 EPSS

added 2002/03/09 5:0 a.m. | 45 views

CVE-1999-1332

gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.

2.1 CVSS | 5.8 AI score | 0.00155 EPSS

added 2000/04/25 4:0 a.m. | 45 views

CVE-2000-0184

Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

2.1 CVSS | 6.7 AI score | 0.00079 EPSS

added 2000/04/10 4:0 a.m. | 45 views

CVE-2000-0186

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

7.2 CVSS | 7.3 AI score | 0.00063 EPSS

added 2001/01/22 5:0 a.m. | 45 views

CVE-2000-0917

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

10 CVSS | 7.4 AI score | 0.83542 EPSS

added 2000/12/19 5:0 a.m. | 45 views

CVE-2000-0963

Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.

7.2 CVSS | 7.6 AI score | 0.00156 EPSS

added 2002/07/31 4:0 a.m. | 45 views

CVE-2000-1207

userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844).

7.2 CVSS | 7.2 AI score | 0.00891 EPSS

added 2002/03/09 5:0 a.m. | 44 views

CVE-1999-1327

Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.

7.2 CVSS | 7.2 AI score | 0.00064 EPSS

Total number of security vulnerabilities: 229