Search criteria
8 vulnerabilities found for Red Hat Linux by Red Hat, Inc.
JVNDB-2003-000030
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
w3m Vulnerability of Unauthorized Access to Files or Cookies
Details
w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.",
"link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
"sec:cpe": [
{
"#text": "cpe:/a:w3m_project:w3m",
"@product": "w3m",
"@vendor": "w3m project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2003-000030",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1348",
"@id": "CVE-2002-1348",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1348",
"@id": "CVE-2002-1348",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/6794",
"@id": "6794",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/11266",
"@id": "11266",
"@source": "XF"
}
],
"title": "w3m Vulnerability of Unauthorized Access to Files or Cookies"
}
JVNDB-2003-000029
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
w3m Cross-Site Scripting Vulnerability
Details
w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.",
"link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
"sec:cpe": [
{
"#text": "cpe:/a:w3m_project:w3m",
"@product": "w3m",
"@vendor": "w3m project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2003-000029",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1335",
"@id": "CVE-2002-1335",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1335",
"@id": "CVE-2002-1335",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/6793",
"@id": "6793",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/10842",
"@id": "10842",
"@source": "XF"
},
{
"#text": "http://www.osvdb.org/6981",
"@id": "6981",
"@source": "OSVDB"
}
],
"title": "w3m Cross-Site Scripting Vulnerability"
}
JVNDB-2003-000149
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
lv Arbitrary Command Execution Vulnerability
Details
lv contains a vulnerability of reading and running a .lv file in the current directry.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000149.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "lv contains a vulnerability of reading and running a .lv file in the current directry.",
"link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000149.html",
"sec:cpe": [
{
"#text": "cpe:/a:lv:lv",
"@product": "lv",
"@vendor": "NARITA Tomio ",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_server",
"@product": "Turbolinux Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_workstation",
"@product": "Turbolinux Workstation",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2003-000149",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0188",
"@id": "CVE-2003-0188",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-0188",
"@id": "CVE-2003-0188",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/7613",
"@id": "7613",
"@source": "BID"
}
],
"title": "lv Arbitrary Command Execution Vulnerability"
}
JVNDB-2003-000242
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
skk Arbitrary Code Execution Vulnerability
Details
skk (Simple Kana to Kanji conversion software) would create an insecure temporary file without taking proper security precautions.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000242.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "skk (Simple Kana to Kanji conversion software) would create an insecure temporary file without taking proper security precautions.",
"link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000242.html",
"sec:cpe": [
{
"#text": "cpe:/a:skk:skk",
"@product": "SKK",
"@vendor": "SKK Openlab",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2003-000242",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0539",
"@id": "CVE-2003-0539",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-0539",
"@id": "CVE-2003-0539",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/8144",
"@id": "8144",
"@source": "BID"
}
],
"title": "skk Arbitrary Code Execution Vulnerability"
}
JVNDB-2004-000169
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
LHa Vuffer Overflow Vulnerability in Testing and Extracting Process
Details
LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000169.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow.",
"link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000169.html",
"sec:cpe": [
{
"#text": "cpe:/a:lha_for_unix_project:lha_for_unix",
"@product": "LHa for UNIX",
"@vendor": "LHa for UNIX project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "10.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2004-000169",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0234",
"@id": "CVE-2004-0234",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0234",
"@id": "CVE-2004-0234",
"@source": "NVD"
},
{
"#text": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:977",
"@id": "977",
"@source": "OVAL"
},
{
"#text": "http://www.securityfocus.com/bid/10243",
"@id": "10243",
"@source": "BID"
},
{
"#text": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2",
"@id": "LHA Advisory + Patch",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/16012",
"@id": "16012",
"@source": "XF"
},
{
"#text": "http://securitytracker.com/id?1015866",
"@id": "1015866",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/1220",
"@id": "FrSIRT/ADV-2006-1220",
"@source": "FRSIRT"
},
{
"#text": "http://osvdb.org/5753",
"@id": "5753",
"@source": "OSVDB"
},
{
"#text": "http://osvdb.org/5754",
"@id": "5754",
"@source": "OSVDB"
}
],
"title": "LHa Vuffer Overflow Vulnerability in Testing and Extracting Process"
}
JVNDB-2003-000163
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
KON2 Buffer Overflow Vulnerability in Command Argument Validation
Details
KON (Kanji ON Linux console), provided by Linux Japan RPM Project, contains a buffer overflow vulnerability due to improper validation of command line arguments.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000163.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "KON (Kanji ON Linux console), provided by Linux Japan RPM Project, contains a buffer overflow vulnerability due to improper validation of command line arguments.",
"link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000163.html",
"sec:cpe": [
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2003-000163",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1155",
"@id": "CVE-2002-1155",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1155",
"@id": "CVE-2002-1155",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/7790",
"@id": "7790",
"@source": "BID"
}
],
"title": "KON2 Buffer Overflow Vulnerability in Command Argument Validation"
}
JVNDB-2004-000170
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Lha Directory Traversal Vulnerability in Testing and Extracting Process
Details
LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000170.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive.",
"link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000170.html",
"sec:cpe": [
{
"#text": "cpe:/a:lha_for_unix_project:lha_for_unix",
"@product": "LHa for UNIX",
"@vendor": "LHa for UNIX project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2004-000170",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235",
"@id": "CVE-2004-0235",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0235",
"@id": "CVE-2004-0235",
"@source": "NVD"
},
{
"#text": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:978",
"@id": "978",
"@source": "OVAL"
},
{
"#text": "http://www.securityfocus.com/bid/10243",
"@id": "10243",
"@source": "BID"
},
{
"#text": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2",
"@id": "LHA Advisory + Patch",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/16013",
"@id": "16013",
"@source": "XF"
}
],
"title": "Lha Directory Traversal Vulnerability in Testing and Extracting Process"
}
JVNDB-2002-000291
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Canna irw_through Buffer Overflow Vulnerability
Details
Canna contains a buffer overflow vulnerability in the irw_through function.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2002/JVNDB-2002-000291.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Canna contains a buffer overflow vulnerability in the irw_through function.",
"link": "https://jvndb.jvn.jp/en/contents/2002/JVNDB-2002-000291.html",
"sec:cpe": [
{
"#text": "cpe:/a:canna:canna",
"@product": "Canna",
"@vendor": "Canna Project.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2002-000291",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1158",
"@id": "CVE-2002-1158",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1158",
"@id": "CVE-2002-1158",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/6351",
"@id": "6351",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/10831",
"@id": "10831",
"@source": "XF"
}
],
"title": "Canna irw_through Buffer Overflow Vulnerability"
}