Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2002-03-08 CVE-2002-0068 Buffer Overflow vulnerability in Squid Cache FTP Proxy URL
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
network
low complexity
squid redhat
7.5
2002-03-08 CVE-2002-0067 Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
network
low complexity
squid redhat
7.5
2002-02-27 CVE-2002-0004 Heap Overflow vulnerability in AT Maliciously Formatted Time
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
7.2
2002-01-31 CVE-2002-0045 slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.
network
low complexity
openldap redhat
7.5
2002-01-31 CVE-2002-0002 Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
network
low complexity
stunnel engardelinux mandrakesoft redhat
7.5
2001-12-21 CVE-2001-0872 OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
local
low complexity
openbsd redhat suse
7.2
2001-12-21 CVE-2001-0869 Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.
network
low complexity
caldera redhat suse
7.5
2001-12-19 CVE-2001-0889 Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
network
low complexity
university-of-cambridge redhat
7.5
2001-10-25 CVE-2001-0923 Unspecified vulnerability in Redhat Package Manager 4.0.271/4.0.272
RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried.
local
low complexity
redhat
7.2
2001-09-20 CVE-2001-0690 Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers. 7.5