Vulnerabilities > Redhat > Enterprise Linux > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-06-02 | CVE-2008-1036 | Cross-Site Scripting vulnerability in multiple products | The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. | 4.3 |
2008-05-23 | CVE-2007-5495 | Link Following vulnerability in Selinux Setroubleshoot 2.0.5 | sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file. | 4.4 |
2008-05-16 | CVE-2008-1420 | Numeric Errors vulnerability in Xiph.Org Libvorbis | Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. | 6.8 |
2008-05-16 | CVE-2008-1419 | Improper Input Validation vulnerability in Xiph.Org Libvorbis | Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. | 4.3 |
2008-05-08 | CVE-2008-1615 | Resource Management Errors vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop | Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. | 4.9 |
2008-05-08 | CVE-2007-5001 | Resource Management Errors vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop | Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file. | 4.9 |
2008-02-26 | CVE-2008-0597 | Resource Management Errors vulnerability in Easy Software products Cups 1.1.17/1.1.22 | Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. | 5.0 |
2007-12-20 | CVE-2007-6285 | Configuration vulnerability in Redhat Enterprise Linux 4.0/5.0 | The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. | 6.2 |
2007-12-18 | CVE-2007-6283 | Information Exposure vulnerability in multiple products | Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. | 4.9 |
2007-12-13 | CVE-2007-5964 | Configuration vulnerability in Redhat Enterprise Linux 5.0 | The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. | 6.9 |