Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13592 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-0010 | 2 Gnome, Redhat | 2 Gtk, Enterprise Linux | 2024-08-07 | N/A |
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. | ||||
CVE-2007-0006 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-07 | N/A |
The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion." | ||||
CVE-2007-0005 | 3 Linux, Omnikey.aaitg, Redhat | 3 Linux Kernel, Omnikey Cardman 4040, Enterprise Linux | 2024-08-07 | N/A |
Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges. | ||||
CVE-2008-7270 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Jboss Enterprise Web Server | 2024-08-07 | N/A |
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180. | ||||
CVE-2007-0001 | 1 Redhat | 1 Enterprise Linux | 2024-08-07 | N/A |
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped. | ||||
CVE-2008-7224 | 2 Elinks, Redhat | 2 Elinks, Enterprise Linux | 2024-08-07 | N/A |
Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link. | ||||
CVE-2008-6679 | 2 Ghostscript, Redhat | 2 Ghostscript, Enterprise Linux | 2024-08-07 | N/A |
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file. | ||||
CVE-2008-6552 | 2 Fedoraproject, Redhat | 7 Fedora, Cluster Project, Cman and 4 more | 2024-08-07 | N/A |
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||||
CVE-2008-6472 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2024-08-07 | N/A |
The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | ||||
CVE-2008-6235 | 2 Redhat, Vim | 2 Enterprise Linux, Vim | 2024-08-07 | N/A |
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases. | ||||
CVE-2008-6123 | 4 Net-snmp, Opensuse, Redhat and 1 more | 4 Net-snmp, Opensuse, Enterprise Linux and 1 more | 2024-08-07 | N/A |
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." | ||||
CVE-2008-5983 | 4 Canonical, Fedoraproject, Python and 1 more | 4 Ubuntu Linux, Fedora, Python and 1 more | 2024-08-07 | N/A |
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. | ||||
CVE-2008-5913 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2024-08-07 | N/A |
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." | ||||
CVE-2008-5814 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208. | ||||
CVE-2008-5702 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-07 | N/A |
Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call. | ||||
CVE-2008-5700 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-08-07 | N/A |
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program. | ||||
CVE-2008-5713 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-07 | N/A |
The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous invocations of the Netperf benchmark application in UDP_STREAM mode. | ||||
CVE-2008-5557 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2024-08-07 | N/A |
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions. | ||||
CVE-2008-5508 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2024-08-07 | N/A |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. | ||||
CVE-2008-5504 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2024-08-07 | N/A |
Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. |