Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Application Stack
Subscriptions
Total
87 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-2107 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2024-08-07 | N/A |
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed. | ||||
CVE-2008-2079 | 5 Canonical, Debian, Mysql and 2 more | 6 Ubuntu Linux, Debian Linux, Mysql and 3 more | 2024-08-07 | N/A |
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. | ||||
CVE-2008-2108 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-07 | 9.8 Critical |
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. | ||||
CVE-2008-2051 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2024-08-07 | N/A |
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." | ||||
CVE-2008-1927 | 2 Perl, Redhat | 4 Perl, Certificate System, Enterprise Linux and 1 more | 2024-08-07 | N/A |
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems. | ||||
CVE-2008-0005 | 4 Apache, Canonical, Fedoraproject and 1 more | 6 Http Server, Ubuntu Linux, Fedora and 3 more | 2024-08-07 | N/A |
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. | ||||
CVE-2008-0002 | 2 Apache, Redhat | 3 Tomcat, Jboss Enterprise Application Platform, Rhel Application Stack | 2024-08-07 | N/A |
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception. |