VYPR

Enterprise Linux Desktop

by Red Hat

CVEs (999)

  • CVE-2004-1070Jan 10, 2005
    risk 0.00cvss epss 0.01

    The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid…

  • CVE-2004-1071Jan 10, 2005
    risk 0.00cvss epss 0.01

    The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

  • CVE-2004-1014Jan 10, 2005
    risk 0.00cvss epss 0.02

    statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

  • CVE-2004-0817Dec 31, 2004
    risk 0.00cvss epss 0.05

    Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

  • CVE-2004-0802Dec 31, 2004
    risk 0.00cvss epss 0.03

    Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

  • CVE-2004-0685Dec 23, 2004
    risk 0.00cvss epss 0.00

    Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.

  • CVE-2004-1142Dec 15, 2004
    risk 0.00cvss epss 0.02

    Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

  • CVE-2004-1139Dec 15, 2004
    risk 0.00cvss epss 0.02

    Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

  • CVE-2004-1145Dec 15, 2004
    risk 0.00cvss epss 0.04

    Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read…

  • CVE-2004-0607Dec 6, 2004
    risk 0.00cvss epss 0.05

    The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.

  • CVE-2004-0494Nov 23, 2004
    risk 0.00cvss epss 0.02

    Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.

  • CVE-2004-0750Oct 20, 2004
    risk 0.00cvss epss 0.01

    Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.

  • CVE-2004-1613Oct 18, 2004
    risk 0.00cvss epss 0.02

    Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated…

  • CVE-2004-0643Sep 28, 2004
    risk 0.00cvss epss 0.01

    Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.

  • CVE-2004-0827Sep 16, 2004
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

  • CVE-2004-0905Sep 14, 2004
    risk 0.00cvss epss 0.03

    Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

  • CVE-2004-0421Aug 18, 2004
    risk 0.00cvss epss 0.04

    The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

  • CVE-2002-2185Dec 31, 2002
    risk 0.00cvss epss 0.02

    The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively…

  • CVE-1999-1572Jul 16, 1996
    risk 0.00cvss epss 0.01

    cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

Page 50 of 50