Vendor CVEs
Red Hat
All CVEs
3,659 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-0736 | 0.03 | — | 0.02 | Mar 9, 2005 | Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events. | |||
| CVE-2005-0156 | 0.03 | — | 0.01 | Feb 7, 2005 | Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. | |||
| CVE-2004-1073 | 0.03 | — | 0.01 | Jan 10, 2005 | The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. | |||
| CVE-2004-1335 | 0.03 | — | 0.01 | Dec 15, 2004 | Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function. | |||
| CVE-2004-1333 | 0.03 | — | 0.01 | Dec 15, 2004 | Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow. | |||
| CVE-2004-0497 | 0.03 | — | 0.01 | Dec 6, 2004 | Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. | |||
| CVE-2004-0415 | 0.03 | — | 0.01 | Nov 23, 2004 | Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory. | |||
| CVE-2004-0554 | 0.03 | — | 0.01 | Aug 6, 2004 | Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program. | |||
| CVE-2004-0077 | 0.03 | — | 0.02 | Mar 3, 2004 | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root… | |||
| CVE-2003-0955 | 0.03 | — | 0.01 | Dec 15, 2003 | OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c,… | |||
| CVE-2003-1138 | 0.03 | — | 0.05 | Oct 27, 2003 | The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//). | |||
| CVE-2002-1155 | 0.03 | — | 0.01 | Jun 16, 2003 | Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument. | |||
| CVE-2003-0019 | 0.03 | — | 0.01 | Feb 19, 2003 | uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode. | |||
| CVE-2002-1814 | 0.03 | — | 0.01 | Dec 31, 2002 | Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. | |||
| CVE-2002-0874 | 0.03 | — | 0.06 | Sep 5, 2002 | Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files. | |||
| CVE-2002-0004 | 0.03 | — | 0.01 | Feb 27, 2002 | Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. | |||
| CVE-2002-0002 | 0.03 | — | 0.05 | Jan 31, 2002 | Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code. | |||
| CVE-2001-0787 | 0.03 | — | 0.01 | Oct 18, 2001 | LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges. | |||
| CVE-2001-0736 | 0.03 | — | 0.01 | Oct 18, 2001 | Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2001-0641 | 0.03 | — | 0.01 | Sep 20, 2001 | Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option. | |||
| CVE-2001-0169 | 0.03 | — | 0.01 | Mar 26, 2001 | When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib. | |||
| CVE-2001-0170 | 0.03 | — | 0.01 | Mar 26, 2001 | glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files. | |||
| CVE-2000-1134 | 0.03 | — | 0.01 | Jan 9, 2001 | Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. | |||
| CVE-2000-1125 | 0.03 | — | 0.01 | Jan 9, 2001 | restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. | |||
| CVE-2000-1095 | 0.03 | — | 0.01 | Jan 9, 2001 | modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters. | |||
| CVE-2000-1009 | 0.03 | — | 0.01 | Dec 11, 2000 | dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. | |||
| CVE-2000-0829 | 0.03 | — | 0.01 | Nov 14, 2000 | The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/. | |||
| CVE-2000-0751 | 0.03 | — | 0.04 | Oct 20, 2000 | mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands. | |||
| CVE-2000-0816 | 0.03 | — | 0.01 | Oct 6, 2000 | Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters. | |||
| CVE-2000-0617 | 0.03 | — | 0.01 | Jun 22, 2000 | Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable. | |||
| CVE-2000-0607 | 0.03 | — | 0.01 | Jun 21, 2000 | Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings. | |||
| CVE-2000-0378 | 0.03 | — | 0.01 | May 3, 2000 | The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in. | |||
| CVE-2000-0336 | 0.03 | — | 0.01 | Apr 21, 2000 | Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. | |||
| CVE-2000-0263 | 0.03 | — | 0.01 | Apr 16, 2000 | The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request. | |||
| CVE-2000-0286 | 0.03 | — | 0.01 | Apr 16, 2000 | X fontserver xfs allows local users to cause a denial of service via malformed input to the server. | |||
| CVE-2000-0229 | 0.03 | — | 0.01 | Mar 22, 2000 | gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. | |||
| CVE-2000-0230 | 0.03 | — | 0.01 | Mar 13, 2000 | Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable. | |||
| CVE-2000-0170 | 0.03 | — | 0.02 | Feb 26, 2000 | Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. | |||
| CVE-2000-0219 | 0.03 | — | 0.01 | Feb 23, 2000 | Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt. | |||
| CVE-2000-0052 | 0.03 | — | 0.01 | Jan 4, 2000 | Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack. | |||
| CVE-1999-0997 | 0.03 | — | 0.06 | Dec 20, 1999 | wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. | |||
| CVE-1999-0986 | 0.03 | — | 0.04 | Dec 8, 1999 | The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. | |||
| CVE-2000-0531 | 0.03 | — | 0.01 | Nov 23, 1999 | Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets. | |||
| CVE-1999-0704 | 0.03 | — | 0.04 | Sep 16, 1999 | Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. | |||
| CVE-1999-0705 | 0.03 | — | 0.05 | Sep 1, 1999 | Buffer overflow in INN inews program. | |||
| CVE-1999-0769 | 0.03 | — | 0.01 | Aug 25, 1999 | Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. | |||
| CVE-1999-0768 | 0.03 | — | 0.02 | Aug 25, 1999 | Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable. | |||
| CVE-2000-0118 | 0.03 | — | 0.01 | Jun 9, 1999 | The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing. | |||
| CVE-1999-0804 | 0.03 | — | 0.06 | Jun 1, 1999 | Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. | |||
| CVE-1999-0433 | 0.03 | — | 0.01 | Mar 21, 1999 | XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. |
- CVE-2005-0736Mar 9, 2005risk 0.03cvss —epss 0.02
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
- CVE-2005-0156Feb 7, 2005risk 0.03cvss —epss 0.01
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
- CVE-2004-1073Jan 10, 2005risk 0.03cvss —epss 0.01
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
- CVE-2004-1335Dec 15, 2004risk 0.03cvss —epss 0.01
Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.
- CVE-2004-1333Dec 15, 2004risk 0.03cvss —epss 0.01
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
- CVE-2004-0497Dec 6, 2004risk 0.03cvss —epss 0.01
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
- CVE-2004-0415Nov 23, 2004risk 0.03cvss —epss 0.01
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
- CVE-2004-0554Aug 6, 2004risk 0.03cvss —epss 0.01
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
- CVE-2004-0077Mar 3, 2004risk 0.03cvss —epss 0.02
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root…
- CVE-2003-0955Dec 15, 2003risk 0.03cvss —epss 0.01
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c,…
- CVE-2003-1138Oct 27, 2003risk 0.03cvss —epss 0.05
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
- CVE-2002-1155Jun 16, 2003risk 0.03cvss —epss 0.01
Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument.
- CVE-2003-0019Feb 19, 2003risk 0.03cvss —epss 0.01
uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.
- CVE-2002-1814Dec 31, 2002risk 0.03cvss —epss 0.01
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
- CVE-2002-0874Sep 5, 2002risk 0.03cvss —epss 0.06
Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files.
- CVE-2002-0004Feb 27, 2002risk 0.03cvss —epss 0.01
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
- CVE-2002-0002Jan 31, 2002risk 0.03cvss —epss 0.05
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
- CVE-2001-0787Oct 18, 2001risk 0.03cvss —epss 0.01
LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges.
- CVE-2001-0736Oct 18, 2001risk 0.03cvss —epss 0.01
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.
- CVE-2001-0641Sep 20, 2001risk 0.03cvss —epss 0.01
Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.
- CVE-2001-0169Mar 26, 2001risk 0.03cvss —epss 0.01
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
- CVE-2001-0170Mar 26, 2001risk 0.03cvss —epss 0.01
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
- CVE-2000-1134Jan 9, 2001risk 0.03cvss —epss 0.01
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
- CVE-2000-1125Jan 9, 2001risk 0.03cvss —epss 0.01
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
- CVE-2000-1095Jan 9, 2001risk 0.03cvss —epss 0.01
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
- CVE-2000-1009Dec 11, 2000risk 0.03cvss —epss 0.01
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
- CVE-2000-0829Nov 14, 2000risk 0.03cvss —epss 0.01
The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.
- CVE-2000-0751Oct 20, 2000risk 0.03cvss —epss 0.04
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
- CVE-2000-0816Oct 6, 2000risk 0.03cvss —epss 0.01
Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.
- CVE-2000-0617Jun 22, 2000risk 0.03cvss —epss 0.01
Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable.
- CVE-2000-0607Jun 21, 2000risk 0.03cvss —epss 0.01
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
- CVE-2000-0378May 3, 2000risk 0.03cvss —epss 0.01
The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.
- CVE-2000-0336Apr 21, 2000risk 0.03cvss —epss 0.01
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
- CVE-2000-0263Apr 16, 2000risk 0.03cvss —epss 0.01
The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.
- CVE-2000-0286Apr 16, 2000risk 0.03cvss —epss 0.01
X fontserver xfs allows local users to cause a denial of service via malformed input to the server.
- CVE-2000-0229Mar 22, 2000risk 0.03cvss —epss 0.01
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
- CVE-2000-0230Mar 13, 2000risk 0.03cvss —epss 0.01
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
- CVE-2000-0170Feb 26, 2000risk 0.03cvss —epss 0.02
Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.
- CVE-2000-0219Feb 23, 2000risk 0.03cvss —epss 0.01
Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt.
- CVE-2000-0052Jan 4, 2000risk 0.03cvss —epss 0.01
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
- CVE-1999-0997Dec 20, 1999risk 0.03cvss —epss 0.06
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
- CVE-1999-0986Dec 8, 1999risk 0.03cvss —epss 0.04
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.
- CVE-2000-0531Nov 23, 1999risk 0.03cvss —epss 0.01
Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.
- CVE-1999-0704Sep 16, 1999risk 0.03cvss —epss 0.04
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.
- CVE-1999-0705Sep 1, 1999risk 0.03cvss —epss 0.05
Buffer overflow in INN inews program.
- CVE-1999-0769Aug 25, 1999risk 0.03cvss —epss 0.01
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
- CVE-1999-0768Aug 25, 1999risk 0.03cvss —epss 0.02
Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.
- CVE-2000-0118Jun 9, 1999risk 0.03cvss —epss 0.01
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
- CVE-1999-0804Jun 1, 1999risk 0.03cvss —epss 0.06
Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.
- CVE-1999-0433Mar 21, 1999risk 0.03cvss —epss 0.01
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
Page 41 of 74