Redhat Fedora Core vulnerabilities

77 known vulnerabilities affecting redhat/fedora_core.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL20HIGH16MEDIUM28LOW13

Vulnerabilities

Page 4 of 4

CVE-2004-0802MEDIUMCVSS 5.1vcore_1.0vcore_2.0+1 more2004-12-31

CVE-2004-0802 [MEDIUM] CVE-2004-0802: Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrar Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

nvd

CVE-2004-0803HIGHCVSS 7.5vcore_2.02004-12-23

CVE-2004-0803 [HIGH] CVE-2004-0803: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, re Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

nvd

CVE-2004-1333LOWCVSS 2.1PoCvcore_1.0vcore_2.0+1 more2004-12-15

CVE-2004-1333 [LOW] CVE-2004-1333: Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows loca Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.

nvd

CVE-2004-1335LOWCVSS 2.1PoCvcore_1.0vcore_2.0+1 more2004-12-15

CVE-2004-1335 [LOW] CVE-2004-1335: Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to c Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.

nvd

CVE-2004-0619HIGHCVSS 7.2vcore_1.02004-12-06

CVE-2004-0619 [HIGH] CVE-2004-0619: Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows loca Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.

nvd

CVE-2004-0415LOWCVSS 2.1PoCvcore_1.02004-11-23

CVE-2004-0415 [LOW] CVE-2004-0415: Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local us Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.

nvd

CVE-2004-1613MEDIUMCVSS 5.0vcore_1.0vcore_2.02004-10-18

CVE-2004-1613 [MEDIUM] CVE-2004-1613: Mozilla allows remote attackers to cause a denial of service (application crash from null dereferenc Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

nvd

CVE-2005-0373HIGHCVSS 7.5vcore_1.02004-10-07

CVE-2005-0373 [HIGH] CVE-2005-0373: Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

nvd

CVE-2004-0827HIGHCVSS 7.5vcore_1.0vcore_2.0+1 more2004-09-16

CVE-2004-0827 [HIGH] CVE-2004-0827: Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6 Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

nvd

CVE-2004-0905MEDIUMCVSS 4.6vcore_1.02004-09-14

CVE-2004-0905 [MEDIUM] CVE-2004-0905: Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

nvd

CVE-2004-0234CRITICALCVSS 10.0vcore_1.02004-08-18

CVE-2004-0234 [CRITICAL] CWE-119 CVE-2004-0234: Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used i Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

nvd

CVE-2004-0235MEDIUMCVSS 6.4vcore_1.02004-08-18

CVE-2004-0235 [MEDIUM] CVE-2004-0235: Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to cr Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

nvd

CVE-2004-0461CRITICALCVSS 10.0vcore_2.02004-08-06

CVE-2004-0461 [CRITICAL] CVE-2004-0461: The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.

nvd

CVE-2004-0460CRITICALCVSS 10.0vcore_2.02004-08-06

CVE-2004-0460 [CRITICAL] CVE-2004-0460: Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0 Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing t

nvd

CVE-2004-0557CRITICALCVSS 10.0PoCvcore_1.0vcore_2.02004-08-06

CVE-2004-0557 [CRITICAL] CVE-2004-0557: Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

nvd

CVE-2004-0587LOWCVSS 2.1vcore_1.02004-08-06

CVE-2004-0587 [LOW] CVE-2004-0587: Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.

nvd

CVE-2004-0595MEDIUMCVSS 6.8PoCvcore_1.0vcore_2.02004-07-27

CVE-2004-0595 [MEDIUM] CVE-2004-0595: The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) ch The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulner

nvd

← Previous4 / 4