Redhat: >> Enterprise Linux Desktop >> 3.0 Security Vulnerabilities
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVSS Score
7.5
EPSS Score
0.056
Published
2004-11-23
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVSS Score
5.0
EPSS Score
0.034
Published
2004-11-23
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVSS Score
5.0
EPSS Score
0.006
Published
2004-11-23
Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.
CVSS Score
7.5
EPSS Score
0.009
Published
2004-11-23
Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.
CVSS Score
7.5
EPSS Score
0.005
Published
2004-10-20
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
CVSS Score
5.0
EPSS Score
0.018
Published
2004-10-18
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
CVSS Score
7.5
EPSS Score
0.242
Published
2004-09-28
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
CVSS Score
4.6
EPSS Score
0.001
Published
2004-09-28
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
CVSS Score
5.0
EPSS Score
0.149
Published
2004-09-16
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
CVSS Score
7.5
EPSS Score
0.032
Published
2004-09-16