Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Stronghold
Subscriptions
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0542 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Linux and 2 more | 2025-04-03 | N/A |
| Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. | ||||
| CVE-2004-0594 | 7 Avaya, Debian, Hp and 4 more | 9 Converged Communications Server, Debian Linux, Hp-ux and 6 more | 2025-04-03 | N/A |
| The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. | ||||
| CVE-2004-0595 | 4 Avaya, Php, Redhat and 1 more | 11 Converged Communications Server, Integrated Management, S8300 and 8 more | 2025-04-03 | N/A |
| The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. | ||||
| CVE-2004-0940 | 7 Apache, Hp, Openpkg and 4 more | 9 Http Server, Hp-ux, Openpkg and 6 more | 2025-04-03 | 7.8 High |
| Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | ||||
| CVE-2005-3388 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Stronghold and 1 more | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." | ||||
| CVE-2006-0996 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. | ||||
| CVE-2004-1018 | 3 Canonical, Php, Redhat | 5 Ubuntu Linux, Php, Enterprise Linux and 2 more | 2025-04-03 | N/A |
| Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | ||||
| CVE-2006-3017 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2025-04-03 | N/A |
| zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. | ||||
| CVE-2002-0986 | 2 Php, Redhat | 5 Php, Enterprise Linux, Linux and 2 more | 2025-04-03 | N/A |
| The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." | ||||
| CVE-2005-3389 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Stronghold and 1 more | 2025-04-03 | N/A |
| The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. | ||||
| CVE-2002-1148 | 2 Apache, Redhat | 3 Tomcat, Rhel Stronghold, Stronghold | 2025-04-03 | N/A |
| The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. | ||||
| CVE-2002-0653 | 2 Modssl, Redhat | 6 Mod Ssl, Enterprise Linux, Linux and 3 more | 2025-04-03 | 7.8 High |
| Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries. | ||||
| CVE-2002-0840 | 3 Apache, Oracle, Redhat | 9 Http Server, Application Server, Database Server and 6 more | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. | ||||
| CVE-2004-0885 | 2 Apache, Redhat | 6 Http Server, Enterprise Linux, Network Proxy and 3 more | 2025-04-03 | N/A |
| The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | ||||
| CVE-2006-1990 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2025-04-03 | N/A |
| Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. | ||||
| CVE-2006-3016 | 2 Php Group, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2025-04-03 | N/A |
| Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). | ||||
| CVE-2006-1494 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2025-04-03 | N/A |
| Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. | ||||
| CVE-2002-1157 | 2 Mod Ssl, Redhat | 5 Mod Ssl, Enterprise Linux, Linux and 2 more | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840. | ||||
| CVE-2002-1394 | 2 Apache, Redhat | 3 Tomcat, Rhel Stronghold, Stronghold | 2025-04-03 | N/A |
| Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. | ||||
| CVE-2004-1019 | 5 Openpkg, Php, Redhat and 2 more | 7 Openpkg, Php, Enterprise Linux and 4 more | 2025-04-03 | N/A |
| The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. | ||||