Filtered by vendor Redhat
Subscriptions
Total
20652 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-0727 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2024-08-01 | 5.5 Medium |
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. | ||||
CVE-2024-0056 | 2 Microsoft, Redhat | 24 .net, .net Framework, System.data.sqlclient and 21 more | 2024-08-01 | 8.7 High |
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | ||||
CVE-2024-0057 | 2 Microsoft, Redhat | 22 .net, .net Framework, Nuget and 19 more | 2024-08-01 | 9.1 Critical |
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | ||||
CVE-1999-1542 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command. | ||||
CVE-1999-1572 | 5 Debian, Freebsd, Mandrakesoft and 2 more | 6 Debian Linux, Freebsd, Mandrake Linux and 3 more | 2024-08-01 | N/A |
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. | ||||
CVE-1999-1496 | 3 Debian, Redhat, Todd Miller | 3 Debian Linux, Linux, Sudo | 2024-08-01 | N/A |
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist. | ||||
CVE-1999-1490 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable. | ||||
CVE-1999-1491 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program. | ||||
CVE-1999-1406 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel. | ||||
CVE-1999-1407 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file. | ||||
CVE-1999-1327 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable. | ||||
CVE-1999-1348 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service. | ||||
CVE-1999-1346 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file. | ||||
CVE-1999-1330 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2024-08-01 | N/A |
The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf. | ||||
CVE-1999-1331 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface. | ||||
CVE-1999-1335 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information. | ||||
CVE-1999-1328 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack. | ||||
CVE-1999-1332 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file. | ||||
CVE-1999-1347 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm. | ||||
CVE-1999-1333 | 1 Redhat | 1 Linux | 2024-08-01 | N/A |
automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded. |