Linux Advanced Workstation
by Red Hat
CVEs (65)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-5365 | 0.09 | — | 0.80 | Oct 11, 2007 | Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request… | |||
| CVE-2003-0434 | 0.06 | — | 0.41 | Jul 24, 2003 | Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink. | |||
| CVE-2004-0104 | 0.05 | — | 0.26 | Mar 3, 2004 | Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. | |||
| CVE-2008-1767 | 0.04 | — | 0.13 | May 23, 2008 | Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. | |||
| CVE-2004-0633 | 0.04 | — | 0.18 | Dec 6, 2004 | The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow. | |||
| CVE-2005-1061 | 0.03 | — | 0.03 | May 2, 2005 | The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular… | |||
| CVE-2004-1073 | 0.03 | — | 0.01 | Jan 10, 2005 | The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. | |||
| CVE-2005-0699 | 0.01 | — | 0.06 | Mar 8, 2005 | Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values. | |||
| CVE-2004-0888 | 0.01 | — | 0.09 | Jan 27, 2005 | Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by… | |||
| CVE-2004-0882 | 0.01 | — | 0.14 | Jan 27, 2005 | Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. | |||
| CVE-2004-0902 | 0.01 | — | 0.10 | Jan 27, 2005 | Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2)… | |||
| CVE-2004-0903 | 0.01 | — | 0.10 | Jan 27, 2005 | Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly… | |||
| CVE-2004-0904 | 0.01 | — | 0.08 | Dec 31, 2004 | Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. | |||
| CVE-2004-0803 | 0.01 | — | 0.08 | Dec 23, 2004 | Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. | |||
| CVE-2004-0105 | 0.01 | — | 0.08 | Mar 3, 2004 | Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. | |||
| CVE-2007-1351 | 0.00 | — | 0.06 | Apr 6, 2007 | Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. | |||
| CVE-2007-1352 | 0.00 | — | 0.02 | Apr 6, 2007 | Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. | |||
| CVE-2006-6235 | 0.00 | — | 0.06 | Dec 7, 2006 | A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. | |||
| CVE-2005-3625 | 0.00 | — | 0.04 | Dec 31, 2005 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka… | |||
| CVE-2005-3626 | 0.00 | — | 0.03 | Dec 31, 2005 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
- CVE-2007-5365Oct 11, 2007risk 0.09cvss —epss 0.80
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request…
- CVE-2003-0434Jul 24, 2003risk 0.06cvss —epss 0.41
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
- CVE-2004-0104Mar 3, 2004risk 0.05cvss —epss 0.26
Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
- CVE-2008-1767May 23, 2008risk 0.04cvss —epss 0.13
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
- CVE-2004-0633Dec 6, 2004risk 0.04cvss —epss 0.18
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
- CVE-2005-1061May 2, 2005risk 0.03cvss —epss 0.03
The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular…
- CVE-2004-1073Jan 10, 2005risk 0.03cvss —epss 0.01
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
- CVE-2005-0699Mar 8, 2005risk 0.01cvss —epss 0.06
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
- CVE-2004-0888Jan 27, 2005risk 0.01cvss —epss 0.09
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by…
- CVE-2004-0882Jan 27, 2005risk 0.01cvss —epss 0.14
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
- CVE-2004-0902Jan 27, 2005risk 0.01cvss —epss 0.10
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2)…
- CVE-2004-0903Jan 27, 2005risk 0.01cvss —epss 0.10
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly…
- CVE-2004-0904Dec 31, 2004risk 0.01cvss —epss 0.08
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
- CVE-2004-0803Dec 23, 2004risk 0.01cvss —epss 0.08
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
- CVE-2004-0105Mar 3, 2004risk 0.01cvss —epss 0.08
Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
- CVE-2007-1351Apr 6, 2007risk 0.00cvss —epss 0.06
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
- CVE-2007-1352Apr 6, 2007risk 0.00cvss —epss 0.02
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
- CVE-2006-6235Dec 7, 2006risk 0.00cvss —epss 0.06
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
- CVE-2005-3625Dec 31, 2005risk 0.00cvss —epss 0.04
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka…
- CVE-2005-3626Dec 31, 2005risk 0.00cvss —epss 0.03
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
Page 1 of 4