Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Subscriptions
Total 14092 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2003-0211 2 Redhat, Xinetd 3 Enterprise Linux, Linux, Xinetd 2024-11-20 N/A
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.
CVE-2003-0204 2 Kde, Redhat 3 Kde, Enterprise Linux, Linux 2024-11-20 N/A
KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.
CVE-2003-0201 7 Apple, Compaq, Hp and 4 more 10 Mac Os X, Tru64, Cifs-9000 Server and 7 more 2024-11-20 N/A
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
CVE-2003-0196 6 Compaq, Hp, Redhat and 3 more 9 Tru64, Cifs-9000 Server, Hp-ux and 6 more 2024-11-20 N/A
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
CVE-2003-0194 1 Redhat 3 Enterprise Linux, Linux, Tcpdump 2024-11-20 N/A
tcpdump does not properly drop privileges to the pcap user when starting up.
CVE-2003-0192 2 Apache, Redhat 5 Http Server, Enterprise Linux, Linux and 2 more 2024-11-20 N/A
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
CVE-2003-0190 4 Openbsd, Openpkg, Redhat and 1 more 8 Openssh, Openpkg, Enterprise Linux and 5 more 2024-11-20 N/A
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
CVE-2003-0188 2 Lv, Redhat 4 Lv, Enterprise Linux, Linux and 1 more 2024-11-20 N/A
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.
CVE-2003-0161 5 Compaq, Hp, Redhat and 2 more 11 Tru64, Hp-ux, Hp-ux Series 700 and 8 more 2024-11-20 N/A
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
CVE-2003-0159 2 Ethereal Group, Redhat 3 Ethereal, Enterprise Linux, Linux 2024-11-20 N/A
Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2003-0150 2 Oracle, Redhat 3 Mysql, Enterprise Linux, Linux 2024-11-20 N/A
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
CVE-2003-0147 4 Openpkg, Openssl, Redhat and 1 more 6 Openpkg, Openssl, Enterprise Linux and 3 more 2024-11-20 N/A
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
CVE-2003-0146 2 Netpbm, Redhat 3 Netpbm, Enterprise Linux, Linux 2024-11-20 N/A
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.
CVE-2003-0145 2 Lbl, Redhat 3 Tcpdump, Enterprise Linux, Linux 2024-11-20 N/A
Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.
CVE-2003-0140 2 Mutt, Redhat 3 Mutt, Enterprise Linux, Linux 2024-11-20 N/A
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.
CVE-2003-0139 2 Mit, Redhat 3 Kerberos, Enterprise Linux, Linux 2024-11-20 N/A
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
CVE-2003-0138 2 Mit, Redhat 3 Kerberos, Enterprise Linux, Linux 2024-11-20 N/A
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
CVE-2003-0136 2 Astart Technologies, Redhat 3 Lprng, Enterprise Linux, Linux 2024-11-20 N/A
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
CVE-2003-0131 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Linux and 1 more 2024-11-20 N/A
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
CVE-2003-0127 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Linux 2024-11-20 N/A
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.