Vulnerabilities > Redhat > Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-3624 | Numeric Errors vulnerability in multiple products The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. network low complexity easy-software-products kde libextractor poppler sgi tetex xpdf conectiva debian gentoo mandrakesoft redhat sco slackware suse trustix turbolinux ubuntu CWE-189 | 5.0 |
| 2005-04-14 | CVE-2004-1235 | Local Privilege Escalation vulnerability in Linux kernel Uselib() Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. | 6.2 |
| 2004-11-23 | CVE-2004-0081 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | 5.0 |
| 2004-10-18 | CVE-2004-1613 | Memory Corruption vulnerability in Mozilla Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. | 5.0 |
| 2004-09-14 | CVE-2004-0905 | Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. | 4.6 |
| 2003-08-27 | CVE-2003-0552 | Remote Security vulnerability in Redhat Linux 2.4.2 Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. | 5.0 |
| 2003-08-27 | CVE-2003-0551 | Denial-Of-Service vulnerability in Redhat Linux 2.4.2 The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service. | 5.0 |
| 2003-08-27 | CVE-2003-0550 | Remote Security vulnerability in Redhat Linux 2.4.2 The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. | 5.0 |
| 2003-08-27 | CVE-2003-0464 | Local Security vulnerability in Linux The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd. | 4.6 |
| 2003-07-24 | CVE-2003-0442 | Cross-Site Scripting vulnerability in PHP Transparent Session ID Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. | 4.3 |