Filtered by vendor Redhat
Subscribe
Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5961 | 1 Redhat | 1 Network Satellite | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2008-1676 | 2 Netscape, Redhat | 2 Certificate Management System, Certificate System | 2025-04-09 | 7.5 HIGH | N/A |
| Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate. | |||||
| CVE-2007-5079 | 1 Redhat | 1 Linux | 2025-04-09 | 6.0 MEDIUM | N/A |
| Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2007-4136 | 1 Redhat | 1 Conga | 2025-04-09 | 5.0 MEDIUM | N/A |
| The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections. | |||||
| CVE-2008-0597 | 2 Easy Software Products, Redhat | 3 Cups, Desktop, Enterprise Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. | |||||
| CVE-2008-3281 | 7 Apple, Canonical, Debian and 4 more | 11 Iphone Os, Safari, Ubuntu Linux and 8 more | 2025-04-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | |||||
| CVE-2008-2944 | 3 Fedoraproject, Linux, Redhat | 3 Fedora Core, Linux Kernel, Enterprise Linux | 2025-04-09 | 4.9 MEDIUM | N/A |
| Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365. | |||||
| CVE-2006-4811 | 2 Qt, Redhat | 2 Qt, Kdelibs | 2025-04-09 | 6.8 MEDIUM | N/A |
| Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. | |||||
| CVE-2008-0884 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 6.9 MEDIUM | N/A |
| The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable permissions for the /etc/pam.d/system-auth-ac file, which allows local users to gain privileges by modifying this file. | |||||
| CVE-2009-0180 | 2 Nfs, Redhat | 2 Nfs-utils, Fedora | 2025-04-09 | 7.5 HIGH | N/A |
| Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376. | |||||
| CVE-2007-5495 | 2 Redhat, Selinux | 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot | 2025-04-09 | 4.4 MEDIUM | N/A |
| sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file. | |||||
| CVE-2008-2365 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 4.7 MEDIUM | N/A |
| Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x. | |||||
| CVE-2008-3323 | 1 Redhat | 1 Cygwin | 2025-04-09 | 7.6 HIGH | N/A |
| setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package. | |||||
| CVE-2009-3553 | 5 Apple, Canonical, Debian and 2 more | 7 Cups, Mac Os X, Mac Os X Server and 4 more | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1349 | 3 Apache, Canonical, Redhat | 7 Mod Perl, Ubuntu Linux, Enterprise Linux Desktop and 4 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. | |||||
| CVE-2007-5494 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 4.9 MEDIUM | N/A |
| Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP. | |||||
| CVE-2009-0027 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-09 | 5.0 MEDIUM | N/A |
| The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request. | |||||
| CVE-2006-7175 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2025-04-09 | 7.5 HIGH | N/A |
| The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. | |||||
| CVE-2006-5753 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors. | |||||
| CVE-2008-6123 | 4 Net-snmp, Opensuse, Redhat and 1 more | 4 Net-snmp, Opensuse, Enterprise Linux and 1 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." | |||||