Linux
by Red Hat
CVEs (233)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0083 | Cri | 0.68 | 9.8 | 0.15 | Mar 15, 2002 | Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. | ||
| CVE-1999-0043 | Cri | 0.67 | 9.8 | 0.45 | Dec 4, 1996 | Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | ||
| CVE-2025-8941 | Hig | 0.51 | 7.8 | 0.00 | Aug 13, 2025 | A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. | ||
| CVE-2004-0079 | Hig | 0.50 | 7.5 | 0.10 | Nov 23, 2004 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | ||
| CVE-2016-3699 | Hig | 0.48 | 7.4 | 0.01 | Oct 7, 2016 | The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. | ||
| CVE-2014-3250 | Med | 0.42 | 6.5 | 0.01 | Dec 11, 2017 | The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | ||
| CVE-1999-0011 | Med | 0.36 | 5.4 | 0.05 | Apr 8, 1998 | Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. | ||
| CVE-2000-0917 | 0.09 | — | 0.79 | Dec 19, 2000 | Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. | |||
| CVE-2000-0248 | 0.09 | — | 0.74 | Apr 24, 2000 | The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands. | |||
| CVE-2001-1013 | 0.08 | — | 0.66 | Sep 12, 2001 | Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server. | |||
| CVE-1999-0502 | 0.07 | — | 0.52 | Mar 1, 1998 | A Unix account has a default, null, blank, or missing password. | |||
| CVE-2003-0434 | 0.06 | — | 0.41 | Jul 24, 2003 | Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink. | |||
| CVE-2000-0322 | 0.06 | — | 0.42 | Apr 24, 2000 | The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters. | |||
| CVE-1999-0368 | 0.06 | — | 0.39 | Feb 9, 1999 | Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. | |||
| CVE-2000-0666 | 0.05 | — | 0.26 | Jul 16, 2000 | rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. | |||
| CVE-1999-0002 | 0.05 | — | 0.28 | Oct 12, 1998 | Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. | |||
| CVE-2003-0442 | 0.04 | — | 0.07 | Jul 24, 2003 | Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. | |||
| CVE-2002-0068 | 0.04 | — | 0.09 | Mar 8, 2002 | Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters. | |||
| CVE-2001-0852 | 0.04 | — | 0.09 | Dec 6, 2001 | TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header. | |||
| CVE-2001-0690 | 0.04 | — | 0.12 | Sep 20, 2001 | Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers. |
- risk 0.68cvss 9.8epss 0.15
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
- risk 0.67cvss 9.8epss 0.45
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
- risk 0.51cvss 7.8epss 0.00
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
- risk 0.50cvss 7.5epss 0.10
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
- risk 0.48cvss 7.4epss 0.01
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
- risk 0.42cvss 6.5epss 0.01
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
- risk 0.36cvss 5.4epss 0.05
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
- CVE-2000-0917Dec 19, 2000risk 0.09cvss —epss 0.79
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
- CVE-2000-0248Apr 24, 2000risk 0.09cvss —epss 0.74
The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.
- CVE-2001-1013Sep 12, 2001risk 0.08cvss —epss 0.66
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
- CVE-1999-0502Mar 1, 1998risk 0.07cvss —epss 0.52
A Unix account has a default, null, blank, or missing password.
- CVE-2003-0434Jul 24, 2003risk 0.06cvss —epss 0.41
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
- CVE-2000-0322Apr 24, 2000risk 0.06cvss —epss 0.42
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
- CVE-1999-0368Feb 9, 1999risk 0.06cvss —epss 0.39
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
- CVE-2000-0666Jul 16, 2000risk 0.05cvss —epss 0.26
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
- CVE-1999-0002Oct 12, 1998risk 0.05cvss —epss 0.28
Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.
- CVE-2003-0442Jul 24, 2003risk 0.04cvss —epss 0.07
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
- CVE-2002-0068Mar 8, 2002risk 0.04cvss —epss 0.09
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
- CVE-2001-0852Dec 6, 2001risk 0.04cvss —epss 0.09
TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.
- CVE-2001-0690Sep 20, 2001risk 0.04cvss —epss 0.12
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
Page 1 of 12