All the vulnerabilites related to Red Hat, Inc. - Red Hat Linux
jvndb-2004-000170
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Lha Directory Traversal Vulnerability in Testing and Extracting Process
Details
LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000170.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000170.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:lha_for_unix_project:lha_for_unix",
      "@product": "LHa for UNIX",
      "@vendor": "LHa for UNIX project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000170",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235",
      "@id": "CVE-2004-0235",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0235",
      "@id": "CVE-2004-0235",
      "@source": "NVD"
    },
    {
      "#text": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:978",
      "@id": "978",
      "@source": "OVAL"
    },
    {
      "#text": "http://www.securityfocus.com/bid/10243",
      "@id": "10243",
      "@source": "BID"
    },
    {
      "#text": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2",
      "@id": "LHA Advisory + Patch",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/16013",
      "@id": "16013",
      "@source": "XF"
    }
  ],
  "title": "Lha Directory Traversal Vulnerability in Testing and Extracting Process"
}

jvndb-2003-000149
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
lv Arbitrary Command Execution Vulnerability
Details
lv contains a vulnerability of reading and running a .lv file in the current directry.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000149.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "lv contains a vulnerability of reading and running a .lv file in the current directry.",
  "link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000149.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:lv:lv",
      "@product": "lv",
      "@vendor": "NARITA Tomio ",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_workstation",
      "@product": "Turbolinux Workstation",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.2",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2003-000149",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0188",
      "@id": "CVE-2003-0188",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-0188",
      "@id": "CVE-2003-0188",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/7613",
      "@id": "7613",
      "@source": "BID"
    }
  ],
  "title": "lv Arbitrary Command Execution Vulnerability"
}

jvndb-2003-000030
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
w3m Vulnerability of Unauthorized Access to Files or Cookies
Details
w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.",
  "link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:w3m_project:w3m",
      "@product": "w3m",
      "@vendor": "w3m project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2003-000030",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1348",
      "@id": "CVE-2002-1348",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1348",
      "@id": "CVE-2002-1348",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/6794",
      "@id": "6794",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/11266",
      "@id": "11266",
      "@source": "XF"
    }
  ],
  "title": "w3m Vulnerability of Unauthorized Access to Files or Cookies"
}

jvndb-2003-000029
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
w3m Cross-Site Scripting Vulnerability
Details
w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.",
  "link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:w3m_project:w3m",
      "@product": "w3m",
      "@vendor": "w3m project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2003-000029",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1335",
      "@id": "CVE-2002-1335",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1335",
      "@id": "CVE-2002-1335",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/6793",
      "@id": "6793",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/10842",
      "@id": "10842",
      "@source": "XF"
    },
    {
      "#text": "http://www.osvdb.org/6981",
      "@id": "6981",
      "@source": "OSVDB"
    }
  ],
  "title": "w3m Cross-Site Scripting Vulnerability"
}

jvndb-2002-000291
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Canna irw_through Buffer Overflow Vulnerability
Details
Canna contains a buffer overflow vulnerability in the irw_through function.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2002/JVNDB-2002-000291.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Canna contains a buffer overflow vulnerability in the irw_through function.",
  "link": "https://jvndb.jvn.jp/en/contents/2002/JVNDB-2002-000291.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:canna:canna",
      "@product": "Canna",
      "@vendor": "Canna Project.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.2",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2002-000291",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1158",
      "@id": "CVE-2002-1158",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1158",
      "@id": "CVE-2002-1158",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/6351",
      "@id": "6351",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/10831",
      "@id": "10831",
      "@source": "XF"
    }
  ],
  "title": "Canna irw_through Buffer Overflow Vulnerability"
}

jvndb-2003-000163
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
KON2 Buffer Overflow Vulnerability in Command Argument Validation
Details
KON (Kanji ON Linux console), provided by Linux Japan RPM Project, contains a buffer overflow vulnerability due to improper validation of command line arguments.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000163.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "KON (Kanji ON Linux console), provided by Linux Japan RPM Project, contains a buffer overflow vulnerability due to improper validation of command line arguments.",
  "link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000163.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.2",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2003-000163",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1155",
      "@id": "CVE-2002-1155",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1155",
      "@id": "CVE-2002-1155",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/7790",
      "@id": "7790",
      "@source": "BID"
    }
  ],
  "title": "KON2 Buffer Overflow Vulnerability in Command Argument Validation"
}

jvndb-2003-000242
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
skk Arbitrary Code Execution Vulnerability
Details
skk (Simple Kana to Kanji conversion software) would create an insecure temporary file without taking proper security precautions.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000242.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "skk (Simple Kana to Kanji conversion software) would create an insecure temporary file without taking proper security precautions.",
  "link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000242.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:skk:skk",
      "@product": "SKK",
      "@vendor": "SKK Openlab",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.6",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2003-000242",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0539",
      "@id": "CVE-2003-0539",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-0539",
      "@id": "CVE-2003-0539",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/8144",
      "@id": "8144",
      "@source": "BID"
    }
  ],
  "title": "skk Arbitrary Code Execution Vulnerability"
}

jvndb-2004-000169
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
LHa Vuffer Overflow Vulnerability in Testing and Extracting Process
Details
LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000169.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000169.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:lha_for_unix_project:lha_for_unix",
      "@product": "LHa for UNIX",
      "@vendor": "LHa for UNIX project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "10.0",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000169",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0234",
      "@id": "CVE-2004-0234",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0234",
      "@id": "CVE-2004-0234",
      "@source": "NVD"
    },
    {
      "#text": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:977",
      "@id": "977",
      "@source": "OVAL"
    },
    {
      "#text": "http://www.securityfocus.com/bid/10243",
      "@id": "10243",
      "@source": "BID"
    },
    {
      "#text": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2",
      "@id": "LHA Advisory + Patch",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/16012",
      "@id": "16012",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1015866",
      "@id": "1015866",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2006/1220",
      "@id": "FrSIRT/ADV-2006-1220",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://osvdb.org/5753",
      "@id": "5753",
      "@source": "OSVDB"
    },
    {
      "#text": "http://osvdb.org/5754",
      "@id": "5754",
      "@source": "OSVDB"
    }
  ],
  "title": "LHa Vuffer Overflow Vulnerability in Testing and Extracting Process"
}