CVEdetails.com the ultimate security vulnerability data source

Redhat » Linux : Security Vulnerabilities (CVSS score between 7 and 7.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2005-0750 | | | +Priv | 2005-03-27 | 2010-08-21 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
2 | CVE-2005-0206 | | | Overflow | 2005-04-27 | 2010-08-21 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
3 | CVE-2004-0619 | | | DoS Exec Code Overflow | 2004-12-06 | 2010-08-21 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.
4 | CVE-2003-0989 | | | DoS | 2004-02-17 | 2010-08-21 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
5 | CVE-2003-0434 | | | Exec Code | 2003-07-24 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
6 | CVE-2003-0370 | | | | 2003-06-16 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
7 | CVE-2003-0354 | | | Exec Code | 2003-06-16 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.
8 | CVE-2003-0188 | | | Exec Code | 2003-06-09 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.
9 | CVE-2003-0135 | | | | 2003-04-11 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.
10 | CVE-2003-0019 | | | | 2003-02-19 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.
11 | CVE-2002-1160 | | | +Priv | 2003-02-19 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.
12 | CVE-2002-0836 | | | Exec Code | 2002-10-28 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
13 | CVE-2002-0506 | | | DoS Exec Code Overflow | 2002-08-12 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt.
14 | CVE-2002-0068 | | | DoS Exec Code | 2002-03-08 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
15 | CVE-2002-0067 | | | Bypass | 2002-03-08 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
16 | CVE-2002-0062 | | | Overflow +Priv | 2002-03-08 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
17 | CVE-2002-0045 | | | | 2002-01-31 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.
18 | CVE-2002-0004 | | | Exec Code Mem. Corr. | 2002-02-27 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
19 | CVE-2002-0002 | | | Exec Code | 2002-01-31 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
20 | CVE-2001-1374 | | | +Priv | 2001-07-19 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
21 | CVE-2001-1030 | | | Bypass | 2001-07-18 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
22 | CVE-2001-1028 | | | Overflow +Priv | 2001-05-28 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.
23 | CVE-2001-1002 | | | Exec Code +Priv | 2001-08-31 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.
24 | CVE-2001-0889 | | | Exec Code | 2001-12-19 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
25 | CVE-2001-0872 | | | +Priv | 2001-12-21 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
26 | CVE-2001-0869 | | | Exec Code | 2001-12-21 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.
27 | CVE-2001-0690 | | | Exec Code | 2001-09-20 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
28 | CVE-2001-0473 | | | Exec Code | 2001-06-27 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
29 | CVE-2001-0441 | | | Exec Code Overflow | 2001-06-27 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
30 | CVE-2001-0439 | | | Exec Code | 2001-07-02 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
31 | CVE-2001-0128 | | | +Priv Bypass | 2001-03-12 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
32 | CVE-2000-1213 | | | | 2000-10-18 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.
33 | CVE-2000-1208 | | | +Priv | 2002-08-12 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
34 | CVE-2000-1207 | | | | 2000-09-30 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844).
35 | CVE-2000-1189 | | | Overflow +Priv | 2001-01-09 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.
36 | CVE-2000-1134 | | | | 2001-01-09 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
37 | CVE-2000-1125 | | | | 2001-01-09 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
38 | CVE-2000-1095 | | | Exec Code | 2001-01-09 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
39 | CVE-2000-1009 | | | | 2000-12-11 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
40 | CVE-2000-0963 | | | Exec Code Overflow | 2000-12-19 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
41 | CVE-2000-0934 | | | DoS | 2000-12-19 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack.
42 | CVE-2000-0867 | | | +Priv | 2000-11-14 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
43 | CVE-2000-0751 | | | Exec Code | 2000-10-20 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
44 | CVE-2000-0750 | | | Exec Code Overflow | 2000-10-20 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.
45 | CVE-2000-0607 | | | Overflow +Priv | 2000-06-21 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
46 | CVE-2000-0606 | | | Overflow +Priv | 2000-06-21 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
47 | CVE-2000-0566 | | | | 2000-07-03 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
48 | CVE-2000-0392 | | | Overflow +Priv | 2000-05-16 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
49 | CVE-2000-0378 | | | | 2000-05-03 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.
50 | CVE-2000-0357 | | | | 1999-12-03 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.
Total number of vulnerabilities: 89 (page 1 of 2)