Enterprise Linux@5.0 Security Vulnerabilities and Issues — Enterprise Linux@5.0 CVE List

Lucene search

RedhatEnterprise Linux5.0

15 matches found

CVE•added 2020/12/15 5:15 p.m.•401 views

CVE-2020-27777

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges t...

7.2CVSS6.8AI score0.00025EPSS

CVE•added 2020/02/20 5:15 p.m.•356 views

CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demons...

9.8CVSS7.5AI score0.10304EPSS

CVE•added 2020/05/12 7:15 p.m.•336 views

CVE-2020-12826

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent pro...

5.3CVSS6AI score0.00026EPSS

CVE•added 2020/12/08 1:15 a.m.•289 views

CVE-2020-25692

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

7.5CVSS7.5AI score0.00652EPSS

CVE•added 2020/12/04 3:15 p.m.•257 views

CVE-2020-27771

In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could b...

4.3CVSS4.8AI score0.00072EPSS

CVE•added 2020/12/04 10:15 p.m.•255 views

CVE-2020-27773

A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char or division by zero. This would most likely lead to an impact to applic...

4.3CVSS4.7AI score0.00059EPSS

CVE•added 2020/12/04 9:15 p.m.•253 views

CVE-2020-27774

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type ssize_t. This would most likely lead to an impact to application availability, but cou...

4.3CVSS4.7AI score0.00059EPSS

CVE•added 2020/12/04 9:15 p.m.•253 views

CVE-2020-27775

A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but ...

4.3CVSS4.6AI score0.00059EPSS

CVE•added 2020/12/04 9:15 p.m.•249 views

CVE-2020-27776

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, bu...

4.3CVSS4.6AI score0.00045EPSS

CVE•added 2020/12/04 10:15 p.m.•242 views

CVE-2020-27772

A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned int. This would most likely lead to an impact to application availability, but could pot...

4.3CVSS4.6AI score0.00059EPSS

CVE•added 2020/01/31 10:15 p.m.•236 views

CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

3.5CVSS5AI score0.01897EPSS

CVE•added 2020/12/04 3:15 p.m.•163 views

CVE-2020-27765

A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause o...

4.3CVSS4.6AI score0.00064EPSS

CVE•added 2020/12/04 3:15 p.m.•159 views

CVE-2020-27767

A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types float and unsigned char. This would most likely lead to an impact to application availab...

4.3CVSS4.7AI score0.00059EPSS

CVE•added 2020/01/27 4:15 p.m.•140 views

CVE-2015-0294

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.

7.5CVSS7.3AI score0.00584EPSS

CVE•added 2020/01/09 9:15 p.m.•60 views

CVE-2012-2142

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

7.8CVSS7.8AI score0.00397EPSS