Lucene search

K
RedhatEnterprise Linux

39 matches found

CVE
CVE
added 2015/11/24 8:59 p.m.212 views

CVE-2015-5281

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate att...

2.6CVSS6.3AI score0.0006EPSS
CVE
CVE
added 2013/07/04 9:55 p.m.117 views

CVE-2013-2164

The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.

2.1CVSS5.6AI score0.00073EPSS
CVE
CVE
added 2023/03/27 9:15 p.m.115 views

CVE-2021-3923

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be ...

2.3CVSS4.6AI score0.00012EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.100 views

CVE-2004-0554

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.

2.1CVSS5.9AI score0.00665EPSS
CVE
CVE
added 2012/04/11 10:39 a.m.100 views

CVE-2012-0042

Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.

2.9CVSS6.2AI score0.00206EPSS
CVE
CVE
added 2015/10/22 12:0 a.m.93 views

CVE-2015-4910

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.

2.1CVSS5AI score0.00504EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.89 views

CVE-2004-0968

The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.8AI score0.00072EPSS
CVE
CVE
added 2014/06/23 11:21 a.m.88 views

CVE-2014-4027

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

2.3CVSS6.6AI score0.00091EPSS
CVE
CVE
added 2013/11/23 6:55 p.m.80 views

CVE-2013-0222

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

2.1CVSS6.6AI score0.00143EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.76 views

CVE-2004-0977

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.7AI score0.00088EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.73 views

CVE-2004-1073

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

2.1CVSS7AI score0.00198EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.72 views

CVE-2005-0003

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

2.1CVSS7.4AI score0.0008EPSS
CVE
CVE
added 2005/03/13 5:0 a.m.72 views

CVE-2005-0736

Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.

2.1CVSS6AI score0.00049EPSS
CVE
CVE
added 2024/09/10 2:15 p.m.70 views

CVE-2024-8443

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code executio...

2.9CVSS4.7AI score0.00046EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.69 views

CVE-2004-0497

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.

2.1CVSS5.7AI score0.00293EPSS
CVE
CVE
added 2005/01/29 5:0 a.m.68 views

CVE-1999-1572

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

2.1CVSS5.9AI score0.00112EPSS
CVE
CVE
added 2013/07/09 5:55 p.m.66 views

CVE-2013-2051

The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.

2.6CVSS6.5AI score0.03081EPSS
CVE
CVE
added 2005/02/07 5:0 a.m.64 views

CVE-2005-0156

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

2.1CVSS7AI score0.00386EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.62 views

CVE-2016-0607

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.

2.8CVSS5.5AI score0.00593EPSS
CVE
CVE
added 2019/11/05 2:15 p.m.62 views

CVE-2016-1000002

gdm3 3.14.2 and possibly later has an information leak before screen lock

2.4CVSS3.7AI score0.0016EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.61 views

CVE-2016-0605

Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.

2.1CVSS5.6AI score0.00591EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.59 views

CVE-2004-1237

Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.

2.1CVSS6.3AI score0.00058EPSS
CVE
CVE
added 2006/02/21 7:0 p.m.59 views

CVE-2005-1918

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

2.6CVSS6.2AI score0.02059EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.58 views

CVE-2005-0090

A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).

2.1CVSS6AI score0.00058EPSS
CVE
CVE
added 2005/02/06 5:0 a.m.55 views

CVE-2004-0491

The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.

2.1CVSS6.2AI score0.00087EPSS
CVE
CVE
added 2010/05/12 11:46 a.m.55 views

CVE-2010-0730

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.

2.6CVSS6.8AI score0.01478EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.54 views

CVE-2005-0077

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

2.1CVSS6AI score0.00074EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.54 views

CVE-2005-1038

crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.

2.1CVSS5.5AI score0.00102EPSS
CVE
CVE
added 2007/06/14 7:30 p.m.54 views

CVE-2007-3099

usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss)...

2.1CVSS6.2AI score0.00226EPSS
CVE
CVE
added 2005/10/25 5:6 p.m.53 views

CVE-2005-2100

The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).

2.1CVSS7.1AI score0.00058EPSS
CVE
CVE
added 2005/05/18 4:0 a.m.51 views

CVE-2005-0757

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.

2.1CVSS7.1AI score0.00063EPSS
CVE
CVE
added 2019/11/27 4:15 p.m.51 views

CVE-2016-4980

A password generation weakness exists in xquest through 2016-06-13.

2.5CVSS3.8AI score0.00129EPSS
CVE
CVE
added 2006/02/28 1:0 a.m.50 views

CVE-2003-1295

Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."

2.1CVSS6.5AI score0.00065EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.47 views

CVE-2004-0812

Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.

2.1CVSS7AI score0.00072EPSS
CVE
CVE
added 2007/09/17 5:17 p.m.46 views

CVE-2007-3379

Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.

2.1CVSS6.1AI score0.00057EPSS
CVE
CVE
added 2006/08/11 9:4 p.m.44 views

CVE-2006-3813

A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information.

2.1CVSS6AI score0.00372EPSS
CVE
CVE
added 2005/02/21 5:0 a.m.43 views

CVE-2005-0092

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).

2.1CVSS6AI score0.00058EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.42 views

CVE-2005-0207

Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

2.1CVSS6.2AI score0.00078EPSS
CVE
CVE
added 2008/08/18 5:41 p.m.42 views

CVE-2008-3270

yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of offi...

2.6CVSS6.4AI score0.00302EPSS