VYPR

Linux

by Red Hat

CVEs (233)

  • CVE-2002-0083CriMar 15, 2002
    risk 0.68cvss 9.8epss 0.15

    Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

  • CVE-1999-0043CriDec 4, 1996
    risk 0.67cvss 9.8epss 0.45

    Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

  • CVE-2025-8941HigAug 13, 2025
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

  • CVE-2004-0079HigNov 23, 2004
    risk 0.50cvss 7.5epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2016-3699HigOct 7, 2016
    risk 0.48cvss 7.4epss 0.01

    The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.

  • CVE-2014-3250MedDec 11, 2017
    risk 0.42cvss 6.5epss 0.01

    The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.

  • CVE-1999-0011MedApr 8, 1998
    risk 0.36cvss 5.4epss 0.05

    Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

  • CVE-2000-0917Dec 19, 2000
    risk 0.09cvss epss 0.79

    Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

  • CVE-2000-0248Apr 24, 2000
    risk 0.09cvss epss 0.74

    The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.

  • CVE-2001-1013Sep 12, 2001
    risk 0.08cvss epss 0.66

    Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.

  • CVE-1999-0502Mar 1, 1998
    risk 0.07cvss epss 0.52

    A Unix account has a default, null, blank, or missing password.

  • CVE-2003-0434Jul 24, 2003
    risk 0.06cvss epss 0.41

    Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

  • CVE-2000-0322Apr 24, 2000
    risk 0.06cvss epss 0.42

    The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.

  • CVE-1999-0368Feb 9, 1999
    risk 0.06cvss epss 0.39

    Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

  • CVE-2000-0666Jul 16, 2000
    risk 0.05cvss epss 0.26

    rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

  • CVE-1999-0002Oct 12, 1998
    risk 0.05cvss epss 0.28

    Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

  • CVE-2003-0442Jul 24, 2003
    risk 0.04cvss epss 0.07

    Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

  • CVE-2002-0068Mar 8, 2002
    risk 0.04cvss epss 0.09

    Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.

  • CVE-2001-0852Dec 6, 2001
    risk 0.04cvss epss 0.09

    TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.

  • CVE-2001-0690Sep 20, 2001
    risk 0.04cvss epss 0.12

    Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.

Page 1 of 12