Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15513 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5017 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | N/A |
| Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. | ||||
| CVE-2007-2589 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. | ||||
| CVE-2007-5899 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. | ||||
| CVE-2008-5014 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | N/A |
| jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. | ||||
| CVE-2008-5013 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. | ||||
| CVE-2007-3108 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2025-04-09 | N/A |
| The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. | ||||
| CVE-2009-0354 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function. | ||||
| CVE-2009-0357 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. | ||||
| CVE-2009-3874 | 3 Microsoft, Redhat, Sun | 10 Windows, Enterprise Linux, Network Satellite and 7 more | 2025-04-09 | N/A |
| Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. | ||||
| CVE-2008-3905 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2025-04-09 | N/A |
| resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | ||||
| CVE-2007-0010 | 2 Gnome, Redhat | 2 Gtk, Enterprise Linux | 2025-04-09 | N/A |
| The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. | ||||
| CVE-2007-3104 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry. | ||||
| CVE-2007-3475 | 2 Gd Graphics Library, Redhat | 2 Gdlib, Enterprise Linux | 2025-04-09 | N/A |
| The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. | ||||
| CVE-2009-3736 | 2 Gnu, Redhat | 2 Libtool, Enterprise Linux | 2025-04-09 | N/A |
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | ||||
| CVE-2008-2662 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2025-04-09 | N/A |
| Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change. | ||||
| CVE-2009-2446 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5162 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2025-04-09 | N/A |
| The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. | ||||
| CVE-2009-3873 | 3 Microsoft, Redhat, Sun | 10 Windows, Enterprise Linux, Network Satellite and 7 more | 2025-04-09 | N/A |
| The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. | ||||
| CVE-2008-2108 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2025-04-09 | 9.8 Critical |
| The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. | ||||
| CVE-2008-2315 | 2 Python, Redhat | 2 Python, Enterprise Linux | 2025-04-09 | N/A |
| Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||||