Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-4900 |
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. Published: November 02, 2023; 12:15:08 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2019-0223 |
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. Published: April 23, 2019; 12:29:00 PM -0400 |
V3.1: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2018-14657 |
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. Published: November 13, 2018; 2:29:00 PM -0500 |
V3.1: 8.1 HIGH V2.0: 4.3 MEDIUM |
CVE-2018-14655 |
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login. Published: November 13, 2018; 2:29:00 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-7110 |
A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler. Published: October 17, 2018; 9:29:00 AM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10864 |
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service. Published: August 13, 2018; 1:29:00 PM -0400 |
V3.0: 6.2 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2018-1041 |
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. Published: February 15, 2018; 12:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2003-0041 |
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. Published: February 19, 2003; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2002-1814 |
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. Published: December 31, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2002-2185 |
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. Published: December 31, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2002-1232 |
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist. Published: November 04, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-0836 |
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. Published: October 28, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2000-1208 |
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call. Published: August 12, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2002-0506 |
Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt. Published: August 12, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2002-0638 |
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. Published: August 12, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2002-0080 |
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. Published: March 15, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2002-0083 |
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. Published: March 15, 2002; 12:00:00 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2002-0062 |
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." Published: March 08, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2002-0067 |
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions. Published: March 08, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2002-0068 |
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters. Published: March 08, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |