Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Desktop Subscriptions
Total 1947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-7169 17 Apple, Arista, Canonical and 14 more 90 Mac Os X, Eos, Ubuntu Linux and 87 more 2025-04-03 9.8 Critical
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVE-2012-1535 7 Adobe, Apple, Linux and 4 more 10 Flash Player, Mac Os X, Linux Kernel and 7 more 2025-04-03 7.8 High
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
CVE-2021-4034 7 Canonical, Oracle, Polkit Project and 4 more 37 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 34 more 2025-04-03 7.8 High
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVE-2014-0160 13 Broadcom, Canonical, Debian and 10 more 37 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 34 more 2025-04-03 7.5 High
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVE-2005-1268 3 Apache, Debian, Redhat 6 Http Server, Debian Linux, Enterprise Linux and 3 more 2025-04-03 N/A
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
CVE-2005-0156 7 Ibm, Larry Wall, Redhat and 4 more 9 Aix, Perl, Enterprise Linux and 6 more 2025-04-03 N/A
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
CVE-2005-3631 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2025-04-03 N/A
udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords.
CVE-2004-1142 7 Altlinux, Conectiva, Debian and 4 more 9 Alt Linux, Linux, Debian Linux and 6 more 2025-04-03 N/A
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
CVE-2005-0207 4 Conectiva, Linux, Redhat and 1 more 5 Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-03 N/A
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
CVE-2005-0077 4 Debian, Gentoo, Redhat and 1 more 5 Debian Linux, Linux, Enterprise Linux and 2 more 2025-04-03 N/A
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
CVE-2005-0699 4 Altlinux, Conectiva, Ethereal Group and 1 more 6 Alt Linux, Linux, Ethereal and 3 more 2025-04-03 N/A
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
CVE-2004-0557 4 Conectiva, Gentoo, Redhat and 1 more 6 Linux, Linux, Enterprise Linux and 3 more 2025-04-03 N/A
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
CVE-2004-0685 3 Linux, Redhat, Trustix 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more 2025-04-03 N/A
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
CVE-2005-0092 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2025-04-03 N/A
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).
CVE-2004-0968 2 Gnu, Redhat 3 Glibc, Enterprise Linux, Enterprise Linux Desktop 2025-04-03 N/A
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
CVE-2005-0736 3 Conectiva, Linux, Redhat 5 Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-03 N/A
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
CVE-2004-0946 2 Nfs, Redhat 3 Nfs-utils, Enterprise Linux, Enterprise Linux Desktop 2025-04-03 N/A
rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request.
CVE-2005-0403 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2025-04-03 N/A
init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure.
CVE-2004-1070 5 Linux, Redhat, Suse and 2 more 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more 2025-04-03 N/A
The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.
CVE-2004-0903 4 Conectiva, Mozilla, Redhat and 1 more 9 Linux, Mozilla, Thunderbird and 6 more 2025-04-03 N/A
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.