Redhat Linux Advanced Workstation — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Linux Advanced Workstation, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (65)
CVE-2004-0902 — CVSS 10.0 (critical): Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow…
CVE-2004-0904 — CVSS 10.0 (critical): Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before…
CVE-2005-3625 — CVSS 10.0 (critical): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2004-0882 — CVSS 10.0 (critical): Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via…
CVE-2004-0903 — CVSS 10.0 (critical): Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before…
CVE-2006-6235 — CVSS 10.0 (critical): A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute…
CVE-2004-0888 — CVSS 10.0 (critical): Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote…
CVE-2004-0889 — CVSS 10.0 (critical): Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of…
CVE-2007-1351 — CVSS 8.5 (high): Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier…
CVE-2005-0206 — CVSS 7.5 (high): The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux…
CVE-2004-1176 — CVSS 7.5 (high): Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly…
CVE-2004-0803 — CVSS 7.5 (high): Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer…
CVE-2004-0817 — CVSS 7.5 (high): Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVE-2004-0827 — CVSS 7.5 (high): Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a…
CVE-2004-1175 — CVSS 7.5 (high): fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell…
CVE-2004-1005 — CVSS 7.5 (high): Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVE-2008-1767 — CVSS 7.5 (high): Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly…
CVE-2003-0434 — CVSS 7.5 (high): Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell…
CVE-2003-0699 — CVSS 7.5 (high): The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security…
CVE-2004-0104 — CVSS 7.5 (high): Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
CVE-2004-0105 — CVSS 7.5 (high): Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
CVE-2004-0494 — CVSS 7.5 (high): Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized…
CVE-2005-1760 — CVSS 7.5 (high): sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext…
CVE-2005-0699 — CVSS 7.5 (high): Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and…
CVE-2004-1004 — CVSS 7.5 (high): Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVE-2007-5365 — CVSS 7.2 (high): Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd…
CVE-2004-1072 — CVSS 7.2 (high): The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that…
CVE-2004-1071 — CVSS 7.2 (high): The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to…
CVE-2004-1070 — CVSS 7.2 (high): The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not…
CVE-2004-0949 — CVSS 6.4 (medium): The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of…
CVE-2004-0883 — CVSS 6.4 (medium): Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of…
CVE-2004-1068 — CVSS 6.2 (medium): A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users…
CVE-2004-0802 — CVSS 5.1 (medium): Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP…
CVE-2005-0667 — CVSS 5.1 (medium): Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail…
CVE-2005-3626 — CVSS 5.0 (medium): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2004-1090 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."
CVE-2004-1091 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.
CVE-2004-1092 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
CVE-2004-1093 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
CVE-2004-1139 — CVSS 5.0 (medium): Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service…
CVE-2004-1142 — CVSS 5.0 (medium): Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
CVE-2004-1145 — CVSS 5.0 (medium): Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not…
CVE-2004-1174 — CVSS 5.0 (medium): direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file…
CVE-2004-0886 — CVSS 5.0 (medium): Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption)…
CVE-2003-0549 — CVSS 5.0 (medium): The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash)…
CVE-2004-0111 — CVSS 5.0 (medium): gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
CVE-2004-0633 — CVSS 5.0 (medium): The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer…
CVE-2005-3624 — CVSS 5.0 (medium): The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others…
CVE-2004-1613 — CVSS 5.0 (medium): Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that…
CVE-2004-0930 — CVSS 5.0 (medium): The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service…
CVE-2004-0635 — CVSS 5.0 (medium): The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1)…
CVE-2004-0634 — CVSS 5.0 (medium): The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a…
CVE-2003-0548 — CVSS 5.0 (medium): The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash)…
CVE-2005-1061 — CVSS 5.0 (medium): The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in…
CVE-2004-1009 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
CVE-2002-2185 — CVSS 4.9 (medium): The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's…
CVE-2003-0859 — CVSS 4.9 (medium): The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages…
CVE-2005-0078 — CVSS 4.6 (medium): The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with…
CVE-2004-0905 — CVSS 4.6 (medium): Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform…
CVE-2002-1323 — CVSS 4.6 (medium): Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or…
CVE-2005-1194 — CVSS 4.6 (medium): Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a…
CVE-2007-1352 — CVSS 3.8 (low): Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary…
CVE-2005-0988 — CVSS 3.7 (low): Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary…
CVE-2005-1918 — CVSS 2.6 (low): The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect…
CVE-2004-1073 — CVSS 2.1 (low): The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users…