Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
14092 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2003-0211 | 2 Redhat, Xinetd | 3 Enterprise Linux, Linux, Xinetd | 2024-11-20 | N/A |
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections. | ||||
CVE-2003-0204 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Linux | 2024-11-20 | N/A |
KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. | ||||
CVE-2003-0201 | 7 Apple, Compaq, Hp and 4 more | 10 Mac Os X, Tru64, Cifs-9000 Server and 7 more | 2024-11-20 | N/A |
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. | ||||
CVE-2003-0196 | 6 Compaq, Hp, Redhat and 3 more | 9 Tru64, Cifs-9000 Server, Hp-ux and 6 more | 2024-11-20 | N/A |
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. | ||||
CVE-2003-0194 | 1 Redhat | 3 Enterprise Linux, Linux, Tcpdump | 2024-11-20 | N/A |
tcpdump does not properly drop privileges to the pcap user when starting up. | ||||
CVE-2003-0192 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Linux and 2 more | 2024-11-20 | N/A |
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. | ||||
CVE-2003-0190 | 4 Openbsd, Openpkg, Redhat and 1 more | 8 Openssh, Openpkg, Enterprise Linux and 5 more | 2024-11-20 | N/A |
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. | ||||
CVE-2003-0188 | 2 Lv, Redhat | 4 Lv, Enterprise Linux, Linux and 1 more | 2024-11-20 | N/A |
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories. | ||||
CVE-2003-0161 | 5 Compaq, Hp, Redhat and 2 more | 11 Tru64, Hp-ux, Hp-ux Series 700 and 8 more | 2024-11-20 | N/A |
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. | ||||
CVE-2003-0159 | 2 Ethereal Group, Redhat | 3 Ethereal, Enterprise Linux, Linux | 2024-11-20 | N/A |
Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. | ||||
CVE-2003-0150 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Linux | 2024-11-20 | N/A |
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | ||||
CVE-2003-0147 | 4 Openpkg, Openssl, Redhat and 1 more | 6 Openpkg, Openssl, Enterprise Linux and 3 more | 2024-11-20 | N/A |
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). | ||||
CVE-2003-0146 | 2 Netpbm, Redhat | 3 Netpbm, Enterprise Linux, Linux | 2024-11-20 | N/A |
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows. | ||||
CVE-2003-0145 | 2 Lbl, Redhat | 3 Tcpdump, Enterprise Linux, Linux | 2024-11-20 | N/A |
Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093. | ||||
CVE-2003-0140 | 2 Mutt, Redhat | 3 Mutt, Enterprise Linux, Linux | 2024-11-20 | N/A |
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder. | ||||
CVE-2003-0139 | 2 Mit, Redhat | 3 Kerberos, Enterprise Linux, Linux | 2024-11-20 | N/A |
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing." | ||||
CVE-2003-0138 | 2 Mit, Redhat | 3 Kerberos, Enterprise Linux, Linux | 2024-11-20 | N/A |
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. | ||||
CVE-2003-0136 | 2 Astart Technologies, Redhat | 3 Lprng, Enterprise Linux, Linux | 2024-11-20 | N/A |
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file. | ||||
CVE-2003-0131 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Linux and 1 more | 2024-11-20 | N/A |
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." | ||||
CVE-2003-0127 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Linux | 2024-11-20 | N/A |
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. |