Vulnerabilities > Redhat > Enterprise Linux > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-09-18 | CVE-2007-0004 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 3.0 The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. | 1.9 |
2007-09-17 | CVE-2007-3379 | Denial-Of-Service vulnerability in Enterprise Linux for SAP Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command. | 2.1 |
2007-09-05 | CVE-2007-3849 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 5.0 Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files. | 1.9 |
2007-08-27 | CVE-2007-2797 | Unspecified vulnerability in Xterm 1927.El4/2083.1 xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals. | 2.1 |
2007-06-14 | CVE-2007-3099 | Local Denial Of Service vulnerability in Redhat Enterprise Linux 5.0 usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). | 2.1 |
2007-06-14 | CVE-2007-3100 | Local Denial Of Service vulnerability in Redhat Open Iscsi 2.0864 usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. | 2.1 |
2007-04-06 | CVE-2007-1352 | Local Integer Overflow vulnerability in X.Org LibXFont Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. | 3.8 |
2007-03-27 | CVE-2007-1716 | Unspecified vulnerability in Redhat Enterprise Linux 4.4 pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges. | 3.4 |
2006-08-11 | CVE-2006-3813 | Unspecified vulnerability in Redhat Enterprise Linux 4.0 A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information. | 2.1 |
2005-12-31 | CVE-2005-1918 | Path Traversal vulnerability in multiple products The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | 2.6 |