Search
Total
1558 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1009 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
| CVE-2004-1092 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. | |||||
| CVE-2004-1176 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2004-1091 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. | |||||
| CVE-2004-0802 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2017-07-11 | 5.1 MEDIUM | N/A |
| Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. | |||||
| CVE-2004-1005 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
| CVE-2004-1093 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." | |||||
| CVE-2004-0889 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. | |||||
| CVE-2004-1174 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." | |||||
| CVE-2004-1090 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." | |||||
| CVE-2004-1004 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
| CVE-2004-0105 | 3 Metamail Corporation, Redhat, Sgi | 4 Metamail, Enterprise Linux, Linux Advanced Workstation and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. | |||||
| CVE-2004-0104 | 3 Metamail Corporation, Redhat, Sgi | 4 Metamail, Enterprise Linux, Linux Advanced Workstation and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. | |||||
| CVE-2016-5411 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2017-07-05 | 10.0 HIGH | 9.8 CRITICAL |
| /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | |||||
| CVE-2013-4332 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2017-07-01 | 4.3 MEDIUM | N/A |
| Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. | |||||
| CVE-2017-9953 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2017-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2017-04-27 | 4.3 MEDIUM | 8.1 HIGH |
| Session fixation vulnerability in pcsd in pcs before 0.9.157. | |||||
| CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2017-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||||
| CVE-2015-4800 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2016-12-24 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||||
| CVE-2015-4890 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2016-12-24 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. | |||||
| CVE-2015-2775 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Mailman and 1 more | 2016-12-24 | 7.6 HIGH | N/A |
| Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. | |||||
| CVE-2015-4910 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2016-12-24 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. | |||||
| CVE-2015-4862 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2016-12-24 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||||
| CVE-2016-7091 | 1 Redhat | 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2016-12-23 | 4.9 MEDIUM | 4.4 MEDIUM |
| sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. | |||||
| CVE-2014-3660 | 5 Apple, Canonical, Debian and 2 more | 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more | 2016-12-08 | 5.0 MEDIUM | N/A |
| parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | |||||
| CVE-2012-2697 | 1 Redhat | 1 Enterprise Linux | 2016-12-08 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via unspecified vectors related to "using an LDAP-based automount map." | |||||
| CVE-2012-0867 | 4 Debian, Opensuse Project, Postgresql and 1 more | 11 Debian Linux, Opensuse, Postgresql and 8 more | 2016-12-07 | 4.3 MEDIUM | N/A |
| PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | |||||
| CVE-2015-5281 | 1 Redhat | 1 Enterprise Linux | 2016-12-07 | 2.6 LOW | N/A |
| The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu. | |||||
| CVE-2016-5432 | 1 Redhat | 2 Enterprise Linux, Enterprise Virtualization | 2016-11-28 | 2.1 LOW | 3.3 LOW |
| The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files. | |||||
| CVE-2015-5229 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. | |||||
| CVE-2013-4248 | 3 Canonical, Php, Redhat | 3 Ubuntu Linux, Php, Enterprise Linux | 2016-11-28 | 4.3 MEDIUM | N/A |
| The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2012-3440 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2016-11-28 | 5.6 MEDIUM | N/A |
| A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. | |||||
| CVE-2010-2598 | 1 Redhat | 1 Enterprise Linux | 2016-11-08 | 4.3 MEDIUM | N/A |
| LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." | |||||
| CVE-2009-2696 | 2 Apache, Redhat | 4 Tomcat, Desktop Workstation, Enterprise Linux and 1 more | 2016-10-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781. | |||||
| CVE-2016-0741 | 2 Fedoraproject, Redhat | 6 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2016-10-12 | 7.8 HIGH | 7.5 HIGH |
| slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection. | |||||
| CVE-2016-6322 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2016-09-22 | 7.2 HIGH | 8.4 HIGH |
| Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. | |||||
| CVE-2016-6340 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2016-09-22 | 2.1 LOW | 8.4 HIGH |
| The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack. | |||||
| CVE-2012-2313 | 3 Linux, Novell, Redhat | 8 Linux Kernel, Suse Linux Enterprise Server, Enterprise Linux and 5 more | 2016-09-06 | 1.2 LOW | N/A |
| The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. | |||||
| CVE-2014-3925 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Sos | 2016-04-06 | 5.0 MEDIUM | N/A |
| sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | |||||
| CVE-2015-1565 | 4 Hitachi, Microsoft, Novell and 1 more | 8 Compute Systems Manager, Device Manager, Global Link Manager and 5 more | 2015-02-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-0186 | 1 Redhat | 1 Enterprise Linux | 2014-06-16 | 5.0 MEDIUM | N/A |
| A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression. | |||||
| CVE-2011-3346 | 3 Qemu, Redhat, Xen | 3 Qemu, Enterprise Linux, Xen | 2014-04-01 | 4.0 MEDIUM | N/A |
| Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs. | |||||
| CVE-2013-7347 | 1 Redhat | 2 Conga, Enterprise Linux | 2014-03-31 | 3.7 LOW | N/A |
| Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie. | |||||
| CVE-2012-3359 | 1 Redhat | 2 Conga, Enterprise Linux | 2014-03-31 | 3.7 LOW | N/A |
| Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout. | |||||
| CVE-2011-2942 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2013-06-10 | 6.8 MEDIUM | N/A |
| A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device. | |||||
| CVE-2012-2124 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2013-01-18 | 5.0 MEDIUM | N/A |
| functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813. | |||||
| CVE-2007-0980 | 3 Hp, Redhat, Suse | 4 Serviceguard For Linux, Enterprise Linux, Suse Linux and 1 more | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. | |||||
| CVE-2004-2766 | 2 Redhat, Sun | 4 Enterprise Linux, Iplanet Messaging Server, One Messaging Server and 1 more | 2010-01-31 | 4.3 MEDIUM | N/A |
| Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | |||||
| CVE-2004-2765 | 2 Redhat, Sun | 4 Enterprise Linux, Iplanet Messaging Server, One Messaging Server and 1 more | 2010-01-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | |||||
| CVE-2007-1865 | 1 Redhat | 1 Enterprise Linux | 2008-11-13 | 1.9 LOW | N/A |
| ** DISPUTED ** The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allows local users to obtain sensitive information (kernel memory contents) via a negative value of the len parameter. NOTE: this issue has been disputed in a bug comment, stating that "len is ignored when copying header info to the user's buffer." | |||||