Lucene search

K
RedhatEnterprise Linux

72 matches found

CVE
CVE
added 2005/05/02 4:0 a.m.54 views

CVE-2005-1038

crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.

2.1CVSS5.5AI score0.00102EPSS
CVE
CVE
added 2005/12/22 11:3 a.m.54 views

CVE-2005-3631

udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords.

4.6CVSS5.9AI score0.00052EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.53 views

CVE-2004-1090

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

5CVSS6.3AI score0.0106EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.53 views

CVE-2004-1091

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

5CVSS6.2AI score0.0106EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.53 views

CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

7.5CVSS7.2AI score0.00949EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.53 views

CVE-2005-0091

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls.

7.2CVSS6.4AI score0.00047EPSS
CVE
CVE
added 2005/03/07 5:0 a.m.53 views

CVE-2005-0667

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

5.1CVSS7.6AI score0.0334EPSS
CVE
CVE
added 2005/10/25 5:6 p.m.53 views

CVE-2005-2100

The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).

2.1CVSS7.1AI score0.00058EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.52 views

CVE-2004-0946

rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request.

10CVSS7.7AI score0.20844EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.52 views

CVE-2004-1092

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

5CVSS6.3AI score0.00763EPSS
CVE
CVE
added 2005/03/09 5:0 a.m.52 views

CVE-2005-0699

Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.

7.5CVSS7.7AI score0.04233EPSS
CVE
CVE
added 2005/05/18 4:0 a.m.51 views

CVE-2005-0757

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.

2.1CVSS7.1AI score0.00063EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.49 views

CVE-2004-0961

Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

5CVSS6.2AI score0.02641EPSS
CVE
CVE
added 2005/01/29 5:0 a.m.49 views

CVE-2004-1057

Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages.

7.2CVSS7.2AI score0.00051EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.48 views

CVE-2004-0812

Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.

2.1CVSS7AI score0.00072EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.46 views

CVE-2004-0960

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.

5CVSS6.3AI score0.02641EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.45 views

CVE-2004-1009

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

5CVSS6.2AI score0.01288EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.45 views

CVE-2004-1093

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

5CVSS6.3AI score0.0106EPSS
CVE
CVE
added 2005/04/27 4:0 a.m.44 views

CVE-2005-0087

The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library.

4.6CVSS7.5AI score0.00078EPSS
CVE
CVE
added 2005/02/21 5:0 a.m.43 views

CVE-2005-0092

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).

2.1CVSS6AI score0.00058EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.42 views

CVE-2005-0207

Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

2.1CVSS6.2AI score0.00078EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.42 views

CVE-2005-1061

The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."

5CVSS6.3AI score0.03898EPSS
Total number of security vulnerabilities72