Vulnerabilities > Redhat > Enterprise Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-07-02 | CVE-2010-2598 | Improper Input Validation vulnerability in Redhat Enterprise Linux 3/3.0 LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." | 4.3 |
| 2010-03-16 | CVE-2010-0729 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 4 A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call. | 6.9 |
| 2010-03-16 | CVE-2010-0727 | Resource Management Errors vulnerability in multiple products The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions. | 4.9 |
| 2010-01-28 | CVE-2004-2766 | Information Exposure vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | 4.3 |
| 2010-01-28 | CVE-2004-2765 | Cross-Site Scripting vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | 4.3 |
| 2009-10-01 | CVE-2009-2904 | Configuration vulnerability in Openbsd Openssh 4.3/4.8 A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership. | 6.9 |
| 2009-09-04 | CVE-2009-2697 | Improper Authentication vulnerability in Gnome GDM The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | 6.8 |
| 2009-08-18 | CVE-2009-2848 | Improper Privilege Management vulnerability in multiple products The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. | 5.9 |
| 2009-08-11 | CVE-2009-2416 | Use After Free vulnerability in multiple products Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | 6.5 |
| 2009-05-28 | CVE-2009-1384 | Improper Authentication vulnerability in Eyrie Pam-Krb5 2.2.14/2.3/2.3.4 pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | 5.0 |