VYPR

Vendor CVEs

Red Hat

All CVEs

3,659 total · sorted by risk
  • CVE-2012-5614Dec 3, 2012
    risk 0.04cvss epss 0.13

    Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique,…

  • CVE-2012-0067Apr 11, 2012
    risk 0.04cvss epss 0.07

    wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.

  • CVE-2008-2382Dec 24, 2008
    risk 0.04cvss epss 0.07

    The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

  • CVE-2008-2930Aug 29, 2008
    risk 0.04cvss epss 0.07

    Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded…

  • CVE-2008-1767May 23, 2008
    risk 0.04cvss epss 0.13

    Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

  • CVE-2007-5962May 22, 2008
    risk 0.04cvss epss 0.12

    Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands,…

  • CVE-2005-1267Jun 10, 2005
    risk 0.04cvss epss 0.14

    The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

  • CVE-2004-1267Jan 10, 2005
    risk 0.04cvss epss 0.06

    Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

  • CVE-2004-0633Dec 6, 2004
    risk 0.04cvss epss 0.18

    The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

  • CVE-2004-0460Aug 6, 2004
    risk 0.04cvss epss 0.45

    Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3)…

  • CVE-2003-0442Jul 24, 2003
    risk 0.04cvss epss 0.07

    Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

  • CVE-2002-0068Mar 8, 2002
    risk 0.04cvss epss 0.09

    Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.

  • CVE-2001-0852Dec 6, 2001
    risk 0.04cvss epss 0.09

    TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.

  • CVE-2001-0690Sep 20, 2001
    risk 0.04cvss epss 0.12

    Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.

  • CVE-2001-1002Aug 31, 2001
    risk 0.04cvss epss 0.09

    The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.

  • CVE-2001-0197Mar 26, 2001
    risk 0.04cvss epss 0.13

    Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.

  • CVE-2001-0233Mar 26, 2001
    risk 0.04cvss epss 0.15

    Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

  • CVE-2000-0844Nov 14, 2000
    risk 0.04cvss epss 0.15

    Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

  • CVE-2000-0668Jul 27, 2000
    risk 0.04cvss epss 0.07

    pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.

  • CVE-2000-0389May 16, 2000
    risk 0.04cvss epss 0.17

    Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

  • CVE-2000-1221Jan 8, 2000
    risk 0.04cvss epss 0.17

    The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended…

  • CVE-2000-1220Jan 8, 2000
    risk 0.04cvss epss 0.14

    The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.

  • CVE-2000-0017Dec 21, 1999
    risk 0.04cvss epss 0.09

    Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.

  • CVE-1999-0710Jul 25, 1999
    risk 0.04cvss epss 0.12

    The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.

  • CVE-1999-0009Apr 8, 1998
    risk 0.04cvss epss 0.29

    Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

  • CVE-1999-0192Oct 18, 1997
    risk 0.04cvss epss 0.10

    Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.

  • CVE-1999-0042Apr 7, 1997
    risk 0.04cvss epss 0.13

    Buffer overflow in University of Washington's implementation of IMAP and POP servers.

  • CVE-1999-0041Feb 13, 1997
    risk 0.04cvss epss 0.09

    Buffer overflow in NLS (Natural Language Service).

  • CVE-2000-0508Dec 19, 1994
    risk 0.04cvss epss 0.09

    rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.

  • CVE-2015-3245Aug 11, 2015
    risk 0.03cvss epss 0.05

    Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS…

  • CVE-2015-3329Jun 9, 2015
    risk 0.03cvss epss 0.38

    Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

  • CVE-2014-0118Jul 20, 2014
    risk 0.03cvss epss 0.37

    The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses…

  • CVE-2014-1512Mar 19, 2014
    risk 0.03cvss epss 0.31

    Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory…

  • CVE-2013-6492Feb 14, 2014
    risk 0.03cvss epss 0.04

    The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.

  • CVE-2013-4854Jul 29, 2013
    risk 0.03cvss epss 0.34

    The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon…

  • CVE-2012-0031Jan 18, 2012
    risk 0.03cvss epss 0.03

    scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an…

  • CVE-2011-1485May 31, 2011
    risk 0.03cvss epss 0.05

    Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.

  • CVE-2011-0536Apr 8, 2011
    risk 0.03cvss epss 0.01

    Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted…

  • CVE-2011-1083Apr 4, 2011
    risk 0.03cvss epss 0.01

    The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

  • CVE-2009-1349Apr 21, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allows remote attackers to inject arbitrary web script or HTML via the URI.

  • CVE-2008-3832Oct 3, 2008
    risk 0.03cvss epss 0.01

    A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.

  • CVE-2008-4192Sep 29, 2008
    risk 0.03cvss epss 0.01

    The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.

  • CVE-2008-2365Jun 30, 2008
    risk 0.03cvss epss 0.01

    Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a…

  • CVE-2007-3103Jul 15, 2007
    risk 0.03cvss epss 0.01

    The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

  • CVE-2007-0001Mar 2, 2007
    risk 0.03cvss epss 0.01

    The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.

  • CVE-2006-5701Nov 3, 2006
    risk 0.03cvss epss 0.01

    Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.

  • CVE-2006-0745Mar 21, 2006
    risk 0.03cvss epss 0.01

    X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the…

  • CVE-2005-1061May 2, 2005
    risk 0.03cvss epss 0.03

    The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular…

  • CVE-2004-1235Apr 14, 2005
    risk 0.03cvss epss 0.03

    Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

  • CVE-2005-0750Mar 27, 2005
    risk 0.03cvss epss 0.01

    The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

Page 40 of 74