Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatLinux9.0

30 matches found

CVE
CVEadded 2023/11/28 12:15 p.m.197 views

CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

5.9CVSS6.9AI score0.00561EPSS
CVE
CVEadded 2005/04/14 4:0 a.m.98 views

CVE-2004-1235

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

6.2CVSS7.5AI score0.00083EPSS
CVE
CVEadded 2005/04/03 5:0 a.m.95 views

CVE-2005-0750

The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

7.2CVSS5.3AI score0.002EPSS
CVE
CVEadded 2007/04/06 1:19 a.m.87 views

CVE-2007-1352

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

3.8CVSS7.6AI score0.01775EPSS
CVE
CVEadded 2005/04/27 4:0 a.m.81 views

CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

7.5CVSS6.7AI score0.06529EPSS
CVE
CVEadded 2006/01/06 10:0 p.m.79 views

CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

5CVSS6.3AI score0.07223EPSS
CVE
CVEadded 2006/01/06 10:0 p.m.78 views

CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

5CVSS6.1AI score0.09167EPSS
CVE
CVEadded 2006/01/06 10:0 p.m.75 views

CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

10CVSS6.2AI score0.11286EPSS
CVE
CVEadded 2004/12/31 5:0 a.m.74 views

CVE-2004-0904

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

10CVSS7.7AI score0.31745EPSS
CVE
CVEadded 2005/01/06 5:0 a.m.71 views

CVE-2004-1335

Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.

2.1CVSS5.6AI score0.00187EPSS
CVE
CVEadded 2003/06/16 4:0 a.m.69 views

CVE-2003-0248

The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.

10CVSS6AI score0.01435EPSS
CVE
CVEadded 2003/06/16 4:0 a.m.68 views

CVE-2003-0247

Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").

5CVSS5.8AI score0.01659EPSS
CVE
CVEadded 2003/07/24 4:0 a.m.66 views

CVE-2003-0434

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

7.5CVSS7.5AI score0.25515EPSS
CVE
CVEadded 2005/01/10 5:0 a.m.66 views

CVE-2004-1026

Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

10CVSS7.4AI score0.02681EPSS
CVE
CVEadded 2005/01/27 5:0 a.m.65 views

CVE-2004-0902

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a ...

10CVSS7.5AI score0.18825EPSS
CVE
CVEadded 2003/07/24 4:0 a.m.61 views

CVE-2003-0442

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

4.3CVSS5.8AI score0.31234EPSS
CVE
CVEadded 2005/01/27 5:0 a.m.61 views

CVE-2004-0903

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a...

10CVSS7.7AI score0.18826EPSS
CVE
CVEadded 2005/01/10 5:0 a.m.61 views

CVE-2004-1025

Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

10CVSS7.5AI score0.02707EPSS
CVE
CVEadded 2005/02/20 5:0 a.m.61 views

CVE-2004-1613

Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

5CVSS6.7AI score0.01798EPSS
CVE
CVEadded 2003/08/27 4:0 a.m.60 views

CVE-2003-0461

/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.

2.1CVSS5.4AI score0.00091EPSS
CVE
CVEadded 2003/06/16 4:0 a.m.59 views

CVE-2003-0364

The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.

5CVSS6AI score0.03339EPSS
CVE
CVEadded 2004/09/24 4:0 a.m.56 views

CVE-2004-0905

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

4.6CVSS6.8AI score0.05741EPSS
CVE
CVEadded 2005/01/06 5:0 a.m.56 views

CVE-2004-1333

Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.

2.1CVSS7.1AI score0.0023EPSS
CVE
CVEadded 2004/02/17 5:0 a.m.51 views

CVE-2003-0989

tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.

7.5CVSS6.2AI score0.25252EPSS
CVE
CVEadded 2003/06/16 4:0 a.m.48 views

CVE-2002-1155

Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument.

7.2CVSS7.5AI score0.00128EPSS
CVE
CVEadded 2003/06/09 4:0 a.m.43 views

CVE-2003-0194

tcpdump does not properly drop privileges to the pcap user when starting up.

4.6CVSS6.5AI score0.00069EPSS
CVE
CVEadded 2003/08/27 4:0 a.m.39 views

CVE-2003-0464

The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd.

4.6CVSS6.3AI score0.00061EPSS
CVE
CVEadded 2003/06/09 4:0 a.m.37 views

CVE-2003-0188

lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.

7.2CVSS6.8AI score0.0006EPSS
CVE
CVEadded 2003/04/11 4:0 a.m.36 views

CVE-2003-0135

vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.

7.5CVSS6.6AI score0.00527EPSS
CVE
CVEadded 2003/06/16 4:0 a.m.33 views

CVE-2003-0354

Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.

7.5CVSS7.2AI score0.00825EPSS