Enterprise Linux Server
by Red Hat
CVEs (1,623)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0635 | 0.00 | — | 0.05 | Dec 6, 2004 | The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read. | |||
| CVE-2004-0634 | 0.00 | — | 0.05 | Dec 6, 2004 | The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference. | |||
| CVE-2004-0494 | 0.00 | — | 0.02 | Nov 23, 2004 | Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. | |||
| CVE-2004-0750 | 0.00 | — | 0.01 | Oct 20, 2004 | Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied. | |||
| CVE-2004-1613 | 0.00 | — | 0.02 | Oct 18, 2004 | Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated… | |||
| CVE-2004-0643 | 0.00 | — | 0.01 | Sep 28, 2004 | Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. | |||
| CVE-2004-0827 | 0.00 | — | 0.06 | Sep 16, 2004 | Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. | |||
| CVE-2004-0905 | 0.00 | — | 0.03 | Sep 14, 2004 | Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. | |||
| CVE-2004-0421 | 0.00 | — | 0.04 | Aug 18, 2004 | The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. | |||
| CVE-2004-0495 | 0.00 | — | 0.00 | Aug 6, 2004 | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. | |||
| CVE-2004-0488 | 0.00 | — | 0.38 | Jul 7, 2004 | Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. | |||
| CVE-2004-0111 | 0.00 | — | 0.02 | Apr 15, 2004 | gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file. | |||
| CVE-2003-1295 | 0.00 | — | 0.00 | Dec 31, 2003 | Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password." | |||
| CVE-2003-0857 | 0.00 | — | 0.00 | Dec 31, 2003 | The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||
| CVE-2003-0986 | 0.00 | — | 0.00 | Dec 31, 2003 | Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service. | |||
| CVE-2003-0859 | 0.00 | — | 0.00 | Dec 15, 2003 | The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||
| CVE-2003-0689 | 0.00 | — | 0.02 | Oct 20, 2003 | The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow. | |||
| CVE-2003-0549 | 0.00 | — | 0.01 | Aug 27, 2003 | The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. | |||
| CVE-2003-0548 | 0.00 | — | 0.01 | Aug 27, 2003 | The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. | |||
| CVE-2003-0699 | 0.00 | — | 0.02 | Aug 27, 2003 | The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700. |
- CVE-2004-0635Dec 6, 2004risk 0.00cvss —epss 0.05
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
- CVE-2004-0634Dec 6, 2004risk 0.00cvss —epss 0.05
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
- CVE-2004-0494Nov 23, 2004risk 0.00cvss —epss 0.02
Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.
- CVE-2004-0750Oct 20, 2004risk 0.00cvss —epss 0.01
Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.
- CVE-2004-1613Oct 18, 2004risk 0.00cvss —epss 0.02
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated…
- CVE-2004-0643Sep 28, 2004risk 0.00cvss —epss 0.01
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
- CVE-2004-0827Sep 16, 2004risk 0.00cvss —epss 0.06
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
- CVE-2004-0905Sep 14, 2004risk 0.00cvss —epss 0.03
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
- CVE-2004-0421Aug 18, 2004risk 0.00cvss —epss 0.04
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
- CVE-2004-0495Aug 6, 2004risk 0.00cvss —epss 0.00
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
- CVE-2004-0488Jul 7, 2004risk 0.00cvss —epss 0.38
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
- CVE-2004-0111Apr 15, 2004risk 0.00cvss —epss 0.02
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
- CVE-2003-1295Dec 31, 2003risk 0.00cvss —epss 0.00
Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."
- CVE-2003-0857Dec 31, 2003risk 0.00cvss —epss 0.00
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
- CVE-2003-0986Dec 31, 2003risk 0.00cvss —epss 0.00
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
- CVE-2003-0859Dec 15, 2003risk 0.00cvss —epss 0.00
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
- CVE-2003-0689Oct 20, 2003risk 0.00cvss —epss 0.02
The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.
- CVE-2003-0549Aug 27, 2003risk 0.00cvss —epss 0.01
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
- CVE-2003-0548Aug 27, 2003risk 0.00cvss —epss 0.01
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
- CVE-2003-0699Aug 27, 2003risk 0.00cvss —epss 0.02
The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.
Page 81 of 82