Lucene search
K
RedhatLinux

229 matches found

CVE
CVE
added 2005/06/28 4:0 a.m.68 views

CVE-2002-1814

Bonobo’s efstools contains a local buffer overflow when installed setuid, allowing a local user to trigger arbitrary code execution through excessively long command line arguments. Affected component: efstools within Bonobo. Root cause: unchecked/buffered input handling leading to overflow when h...

4.6CVSS8AI score0.01116EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.67 views

CVE-1999-0705

CVE-1999-0705 concerns a buffer overflow in INN inews. The interconnected sources indicate multiple vulnerabilities in INN

7.5CVSS6.9AI score0.04783EPSS
CVE
CVE
added 2000/04/18 4:0 a.m.67 views

CVE-2000-0052

Technical details for CVE-2000-0052 are not publicly provided in the supplied documents; only the generic description is present. Monitor for updates in connected sources for affected products, versions, impact, and remediation.

7.2CVSS6.9AI score0.00889EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.67 views

CVE-2001-0439

CVE-2001-0439 affects Licq prior to 1.0.3. The vulnerability stems from how Licq parses received URLs: the URL is passed to the web browser via system() without sufficient input validation, allowing a remote attacker to inject shell metacharacters and execute arbitrary commands. Impact is remote ...

7.5CVSS7.7AI score0.02405EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.67 views

CVE-2001-1030

CVE-2001-1030 affects the Squid proxy server when used in HTTP accelerator mode. The vulnerability exists if httpd_accel_host and http_accel_with_proxy are off, enabling an attacker to bypass ACLs and perform unauthorized activities such as port scanning. Concrete details from connected sources i...

7.5CVSS6.5AI score0.01962EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.66 views

CVE-1999-0868

CVE-1999-0868 concerns ucbmail where remote attackers can execute commands by supplying shell metacharacters to ucbmail via INN. Multiple connected sources (Red Hat, CVE/CVEList, NVD) reiterate the same vulnerability description but do not provide concrete fix versions or patches within the suppl...

7.2CVSS8.2AI score0.01504EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.66 views

CVE-1999-1186

CVE-1999-1186 concerns rxvt (terminal emulator) when compiled with the PRINT_PIPE option on certain Linux distros (e.g., Slackware 3.0, RedHat 2.1). The vulnerability arises from the -print-pipe parameter, which allows a local user to specify a malicious program, potentially gaining root privileg...

7.2CVSS7.5AI score0.004EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.66 views

CVE-2000-0531

CVE-2000-0531 : Linux gpm program vulnerability where local users can cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets. The NVD entry shows a LOCAL attack vector, LOW base severity, and PARTIAL availability impact; no remediation or workaround details are provided ...

2.1CVSS6.6AI score0.00925EPSS
CVE
CVE
added 2001/05/24 4:0 a.m.66 views

CVE-2001-0441

CVE-2001-0441 describes a buffer overflow in the slrn news reader (wrapping and unwrapping functions) that allows remote code execution via a long message header. The vulnerability affects versions prior to the fixed releases cited in connected advisories: Debian DSA-040-1 and Mandrake MDKSA-2001...

7.5CVSS7.8AI score0.02695EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.66 views

CVE-2001-0635

Red Hat Linux 7.1 is affected by CVE-2001-0635 due to insecure permissions on swap files created at install. The swap files could be world-readable, enabling a local attacker to read sensitive data such as passwords and potentially escalate privileges. The connected Red Hat advisory RHSA-2001:058...

4.6CVSS6.5AI score0.00381EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.65 views

CVE-1999-0894

The CVE-1999-0894 issue concerns the Red Hat Linux screen program that does not use Unix98 ptys, enabling local users to write to other terminals. The connected PT-2000-1029 entry reiterates the Red Hat Linux screen issue and notes that no information about a newer version containing a fix is ava...

10CVSS6.8AI score0.01871EPSS
CVE
CVE
added 2000/05/24 4:0 a.m.65 views

CVE-2000-0355

CVE-2000-0355 affects SuSE pbpg 1.x, where the vulnerable components are pg and pb. The underlying issue allows an attacker to read arbitrary files. This summary is based on public records (NVD/CVE entries) and applies to the SuSE pbpg 1.x package. The connected documents confirm the affected com...

7.5CVSS6.9AI score0.01184EPSS
CVE
CVE
added 2000/07/19 4:0 a.m.65 views

CVE-2000-0606

The CVE describes a buffer overflow in the kon program within Kanji on Console (KON) on Linux. The vulnerability is triggered by a long -StartupMessage parameter in KON, potentially allowing local users to gain root privileges. No versions, affected distributions, or explicit exploit details are ...

7.2CVSS7.2AI score0.00563EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.65 views

CVE-2001-0197

CVE-2001-0197 affects the Icecast server: vulnerable in the print_client function for Icecast versions 1.3.8beta2 and earlier. The issue is a format-string vulnerability that allows remote attackers to execute arbitrary commands. The Debian advisory notes fixes in Icecast 1.3.10-1, indicating a p...

10CVSS7.4AI score0.13122EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.64 views

CVE-1999-0037

CVE-1999-0037 describes an arbitrary command execution in the metamail package when a user processes an attacker’s message with malicious content in its headers. The vulnerability stems from how metamail handles message headers during processing, enabling an attacker to execute commands on the af...

7.5CVSS7.5AI score0.03508EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.64 views

CVE-1999-0192

The CVE-1999-0192 issue is a buffer overflow in the telnet daemon tgetent routing that can allow remote attackers to gain root access via the TERMCAP environment variable. Affected component: telnet daemon (tgetent routing). Root access exploitation is stated as the impact. Related material in co...

10CVSS8.1AI score0.10041EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.64 views

CVE-1999-0872

CVE-1999-0872 is a vulnerability in Vixie cron where a buffer overflow can be triggered by a long MAILTO value in a crontab, enabling local users to gain root access. The Red Hat CVE entry and related records confirm the issue but do not provide remediation steps or patched versions in the connec...

7.2CVSS7.2AI score0.00361EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.64 views

CVE-1999-1329

The CVE describes a local privilege escalation caused by a buffer overflow in SysVInit on Red Hat Linux 5.1 and earlier. Affected component: SysVInit; vulnerable action: buffer overflow leading to privilege gain. Root cause: overflow in SysVInit that permits local users to escalate privileges to ...

7.2CVSS7.2AI score0.00412EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.64 views

CVE-2000-0389

CVE-2000-0389 describes a buffer overflow in the krb_rd_req function used by Kerberos 4 and Kerberos 5, enabling remote attackers to gain root privileges. The vulnerability is evidenced across multiple feeds (NVD, CVE List, Nessus plugin) and linked advisories (CERT CA-2000-06, Bugtraq/archives)....

10CVSS7.3AI score0.16503EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.64 views

CVE-2000-0390

CVE-2000-0390 describes a buffer overflow in the krb425_conv_principal function of Kerberos 5. The vulnerability allows remote attackers to gain root privileges via the affected Kerberos 5 component. Documents identify the root cause as a buffer overflow in the krb425_conv_principal routine, with...

10CVSS7.6AI score0.04061EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.64 views

CVE-2000-0392

CVE-2000-0392 : Buffer overflow in the Kerberos 5 ksu utility allows local users to gain root privileges. Documented by NVD/CVE records and CERT advisory CA-2000-06, with historical vendor references (e.g., RHSA-2000-025). Some sources (SNYK) note no fixed version for kerb5; others provide vendor...

7.2CVSS6.8AI score0.00442EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.64 views

CVE-2001-0128

Zope before 2.2.4 contains a bug in how local roles are computed, enabling bypass of access restrictions and privilege escalation. The issue is documented across multiple sources (NVD/CVE entry and Mandrake MDKSA-2000:086) and affects Zope 2.2.4 and earlier. Remediation is to apply the update to ...

7.2CVSS6.6AI score0.00421EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.64 views

CVE-2001-0946

The vulnerability CVE-2001-0946 affects Red Hat 7.2 (Enigma) via apmd/apmscript, where a local attacker can craft a symlink to the LOW_POWER temporary file to create or modify the modification times of arbitrary files. This could be used to trigger a denial of service, for example by creating /et...

3.6CVSS6.9AI score0.0041EPSS
CVE
CVE
added 2000/09/21 4:0 a.m.63 views

CVE-2000-0701

The vulnerability CVE-2000-0701 affects the Mailman project’s wrapper program in versions 2.0beta3 and 2.0beta4. The root cause is improper cleansing of untrusted format strings, which permits local privilege escalation. The NVD entry lists local attack vector with low complexity and partial impa...

4.6CVSS7AI score0.00389EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.63 views

CVE-2001-0139

Inn 2.2.3 is vulnerable to a local temporary-file race condition. The root cause is inn creating temporary files in a world-writable directory (or being configured to use one), enabling symlink attacks that may modify files writable by the news user. Mandrake/MDKSA-2001:010 notes a patch that rel...

1.2CVSS6.3AI score0.00339EPSS
CVE
CVE
added 2001/10/12 4:0 a.m.63 views

CVE-2001-0736

This CVE (CVE-2001-0736) affects the Pine email client (and pico editor) prior to version 4.33, where a local user can overwrite arbitrary files via a symlink attack. The vulnerability allows any local user to overwrite files owned by other users, including root, under certain conditions. A fix i...

2.1CVSS6.4AI score0.00815EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.63 views

CVE-2002-0002

The connected advisory confirms a format-string vulnerability in stunnel for client-mode negotiations (smtp, pop, nntp). Affected versions: 3.15 through 3.21c; 3.22 is not vulnerable. The flaw arises in the functions that implement client-side SMTP/POP/NNTP negotiations, allowing a malicious serv...

7.5CVSS7.4AI score0.05283EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.62 views

CVE-1999-1332

Technical details about CVE-1999-1332 are not publicly provided in the connected documents you supplied; existing entries mention the vulnerability in gzexe but do not reveal affected versions, impact specifics, or fixes.

2.1CVSS5.8AI score0.00402EPSS
CVE
CVE
added 2000/04/10 4:0 a.m.62 views

CVE-2000-0186

The CVE-2000-0186 entry concerns a buffer overflow in the dump utility of the Linux ext2fs backup package. The underlying issue is a too-long command line argument, which can allow a local user to gain privileges. The affected component is the dump utility within the ext2fs backup toolchain; the ...

7.2CVSS7.3AI score0.00417EPSS
CVE
CVE
added 2000/04/10 4:0 a.m.62 views

CVE-2000-0196

The CVE-2000-0196 entry concerns the Linux nmh package’s mhshow utility. A vulnerability in mhshow’s handling of MIME headers can cause a buffer overflow, enabling remote command execution by an attacker via a crafted email message. The description explicitly states that this allows remote attack...

7.5CVSS7.9AI score0.03014EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.62 views

CVE-2000-0315

Technical specifics (affected products, vulnerable components, root cause, and fixes) are not publicly provided in the connected documents. Monitor for updates.

5CVSS6.6AI score0.01751EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.62 views

CVE-2001-0233

CVE-2001-0233 affects the micq client (versions 0.4.6 and earlier). The vulnerability is a remote buffer overflow in the handling of a long Description field (via sprintf), allowing a remote attacker to cause a denial of service and possibly execute arbitrary code. Multiple connected sources (Deb...

10CVSS7.8AI score0.14554EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.62 views

CVE-2001-0473

CVE-2001-0473 affects the Mutt email client (Imap-related code) prior to version 1.2.5. The vulnerability is a format string issue in the IMAP handling that can allow a remote, malicious IMAP server to execute arbitrary commands on the local machine. The Mandrakelinux MDKSA-2001:031 advisory spec...

7.5CVSS7.3AI score0.0206EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.62 views

CVE-2001-0641

CVE-2001-0641 concerns a buffer overflow in the man program across various Linux distributions. The vulnerability allows a local unprivileged user to execute arbitrary code with the effective group Man ID by supplying a very long -S option. This is a local-privilege escalation via memory corrupti...

4.6CVSS7.5AI score0.01255EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.62 views

CVE-2001-1374

Summary (concrete details from connected documents): The vulnerability is in the expect utility prior to version 5.32, where it searches for its libraries in /var/tmp before other directories. A local attacker could exploit this by placing a Trojan horse library that mkpasswd would load, potentia...

7.2CVSS6.6AI score0.00371EPSS
CVE
CVE
added 2003/05/17 4:0 a.m.62 views

CVE-2003-0188

CVE-2003-0188: lv, a multilingual file viewer, reads a .lv configuration file from the current working directory. A crafted .lv file placed in a directory can cause lv to execute arbitrary commands as the invoking user, enabling local privilege escalation (including root) on affected systems. Pub...

7.2CVSS6.8AI score0.00442EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.61 views

CVE-1999-0704

The CVE refers to a buffer overflow in the Berkeley automounter daemon (amd) logging facility included with the Linux am-utils package and related software. Affected component: amd’s logging facility; underlying issue: buffer overflow. Potential impact per sources: complete confidentiality, integ...

9.3CVSS7.3AI score0.0446EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.61 views

CVE-1999-1496

CVE-1999-1496 affects Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 . Local users can infer the existence of arbitrary files by attempting to execute the target filename as a program, which yields different error messages depending on whether the file exists. This indicates a minor information-dis...

2.1CVSS7AI score0.00515EPSS
CVE
CVE
added 2002/07/31 4:0 a.m.61 views

CVE-2000-1207

CVE-2000-1207 affects the userhelper component in the Red Hat Linux usermode package. It executes non-setuid programs as root, which prevents glibc security measures from activating. This creates a local exposure where vulnerable programs can be exploited via format string weaknesses in glibc, tr...

7.2CVSS7.2AI score0.15349EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.61 views

CVE-2000-1220

CVE-2000-1220 affects the line printer daemon (lpd) in the lpr package across multiple Linux distributions. The vulnerability lets local users gain root privileges by causing sendmail to be invoked with arbitrary command line arguments through a crafted -C configuration file option. This is trigg...

10CVSS7.1AI score0.14217EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.61 views

CVE-2001-0138

CVE-2001-0138 affects wu-ftpd; the privatepw helper allows a local user to overwrite arbitrary files via a symlink attack in wu-ftpd before version 2.6.1-6. The issue stems from a temporary file handling weakness. Mitigation: upgrade wu-ftpd to 2.6.1-6 or newer (as reflected in Debian/Mandrake ad...

1.2CVSS6.3AI score0.00298EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.61 views

CVE-2001-1383

CVE-2001-1383 affects the initscript in setserial 2.17-4 and earlier, where it creates predictable temporary file names. This could allow local users to perform unauthorized operations on files. The Connected documents confirm the same description across CVE lists and NVD records, with no provide...

6.2CVSS6.7AI score0.00322EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.61 views

CVE-2002-0506

The CVE-2002-0506 entry concerns the libnewt (newt windowing library) component, specifically the newt.c file. A buffer overflow in libnewt 0.50.33 and earlier may allow a local attacker to cause a denial of service or execute arbitrary code in setuid programs that use libnewt. The available conn...

7.2CVSS8.2AI score0.00491EPSS
CVE
CVE
added 2007/09/17 5:0 p.m.61 views

CVE-2007-3379

CVE-2007-3379 affects Red Hat Enterprise Linux 4 on x86_64 where the kernel may allow a local user to trigger a denial of service (OOPS). The description attributes the issue to vectors related to get_gate_vma and the fuser command, with the root cause details not explicitly provided in the sourc...

2.1CVSS6.1AI score0.00341EPSS
CVE
CVE
added 2007/09/25 1:0 a.m.61 views

CVE-2007-5079

CVE-2007-5079 affects Red Hat Enterprise Linux 4 in the gdm package, where the gdm build on x86_64 platforms was missing TCP wrappers support, potentially allowing a remote attacker to bypass access restrictions. The issue is tied to a missing TCP wrappers mechanism rather than a new vulnerabilit...

6CVSS6.4AI score0.01743EPSS
CVE
CVE
added 2017/12/11 5:0 p.m.61 views

CVE-2014-3250

CVE-2014-3250 affects Puppet before 3.6.2. The issue is that the default vhost configuration file does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. The availa...

6.5CVSS6.1AI score0.00894EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.60 views

CVE-2001-0118

CVE-2001-0118 affects rdist 6.1.5 and describes a local vulnerability where an attacker can overwrite arbitrary files via a symlink attack. The Connected documents corroborate the issue as a local symlink-based overwrite vulnerability. No specific remediation, affected versions beyond 6.1.5, expl...

1.2CVSS6.8AI score0.00298EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.60 views

CVE-2001-0120

CVE-2001-0120 relates to the shadow-utils package, specifically the useradd component. The vulnerability arises from insecure temporary file handling: useradd creates temporary files in /etc/default with predictable names. If /etc/default is world-writable, an attacker could perform a symbolic-li...

1.2CVSS6.4AI score0.00298EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.59 views

CVE-1999-1331

Affected software: netcfg 2.16-1 on Red Hat Linux 4.2. Vulnerability: Local users can control the Ethernet interface on reboot when a specific option is set, enabling a denial of service by shutting down the interface. Root cause/trigger: The description indicates the interface control occurs at ...

2.1CVSS6.6AI score0.00329EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.59 views

CVE-2000-0263

CVE-2000-0263 affects the X font server (xfs) on Red Hat Linux 6.x. A malformed request can cause a denial of service, impacting availability (CVSS v2 base score 2.1). Vector: local, low complexity, no authentication required; impact is limited to availability. No explicit remediation details are...

2.1CVSS6.8AI score0.01016EPSS
Total number of security vulnerabilities229