Enterprise Linux@5.0 Security Vulnerabilities and Issues — Enterprise Linux@5.0 CVE List

Lucene search

RedhatEnterprise Linux5.0

10 matches found

CVE•added 2008/02/29 7:44 p.m.•89 views

CVE-2008-0595

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

4.6CVSS5.2AI score0.00048EPSS

CVE•added 2008/05/23 3:32 p.m.•73 views

CVE-2008-1767

Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

7.5CVSS7.4AI score0.2079EPSS

CVE•added 2008/03/06 9:44 p.m.•70 views

CVE-2008-1198

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

7.1CVSS6.3AI score0.00428EPSS

CVE•added 2008/09/29 5:17 p.m.•64 views

CVE-2008-4302

fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as d...

5.5CVSS5.1AI score0.00147EPSS

CVE•added 2008/06/30 9:41 p.m.•53 views

CVE-2008-2944

Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CV...

4.9CVSS5.8AI score0.01283EPSS

CVE•added 2008/11/27 12:30 a.m.•53 views

CVE-2008-4313

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.

6CVSS6AI score0.00556EPSS

CVE•added 2008/05/22 1:9 p.m.•50 views

CVE-2007-5962

Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by ...

7.1CVSS6.2AI score0.18831EPSS

CVE•added 2008/04/04 12:44 a.m.•44 views

CVE-2008-0884

The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable...

6.9CVSS6.5AI score0.00035EPSS

CVE•added 2008/08/18 5:41 p.m.•42 views

CVE-2008-3270

yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of offi...

2.6CVSS6.4AI score0.00302EPSS

CVE•added 2008/11/27 12:30 a.m.•39 views

CVE-2008-4315

tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.

6.8CVSS6.7AI score0.01577EPSS