Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15532 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0023 | 2 Redhat, Rxvt | 3 Enterprise Linux, Linux, Rxvt | 2025-04-03 | N/A |
| The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. | ||||
| CVE-2006-3918 | 4 Apache, Canonical, Debian and 1 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2025-04-03 | N/A |
| http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | ||||
| CVE-2002-1914 | 2 Dump Project, Redhat | 2 Dump, Enterprise Linux | 2025-04-03 | 5.5 Medium |
| dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file. | ||||
| CVE-2005-3357 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2025-04-03 | N/A |
| mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. | ||||
| CVE-2005-2090 | 2 Apache, Redhat | 7 Tomcat, Certificate System, Enterprise Linux and 4 more | 2025-04-03 | N/A |
| Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||||
| CVE-2005-2088 | 3 Apache, Debian, Redhat | 3 Http Server, Debian Linux, Enterprise Linux | 2025-04-03 | N/A |
| The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||||
| CVE-2004-0885 | 2 Apache, Redhat | 6 Http Server, Enterprise Linux, Network Proxy and 3 more | 2025-04-03 | N/A |
| The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | ||||
| CVE-2004-0751 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2025-04-03 | N/A |
| The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). | ||||
| CVE-2004-0747 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2025-04-03 | 7.8 High |
| Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. | ||||
| CVE-2004-0519 | 3 Redhat, Sgi, Squirrelmail | 3 Enterprise Linux, Propack, Squirrelmail | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. | ||||
| CVE-2004-0493 | 6 Apache, Avaya, Gentoo and 3 more | 9 Http Server, Converged Communications Server, S8300 and 6 more | 2025-04-03 | N/A |
| The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. | ||||
| CVE-2002-1574 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors. | ||||
| CVE-2002-1573 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling." | ||||
| CVE-2002-1572 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors. | ||||
| CVE-2002-1571 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers. | ||||
| CVE-2002-1565 | 2 Immunix, Redhat | 2 Immunix, Enterprise Linux | 2025-04-03 | N/A |
| Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL. | ||||
| CVE-2002-1563 | 2 Redhat, Stunnel | 3 Enterprise Linux, Linux, Stunnel | 2025-04-03 | N/A |
| stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter. | ||||
| CVE-2006-0456 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors. | ||||
| CVE-2002-1405 | 4 Elinks, Links, Redhat and 1 more | 5 Elinks, Links, Enterprise Linux and 2 more | 2025-04-03 | N/A |
| CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters. | ||||
| CVE-2002-1377 | 2 Redhat, Vim Development Group | 3 Enterprise Linux, Linux, Vim | 2025-04-03 | N/A |
| vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. | ||||