Vulnerabilities > Redhat > Enterprise Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-08-25 | CVE-2007-4131 | Remote Directory Traversal vulnerability in GNU Tar Dot_Dot Function Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. | 6.8 |
| 2007-07-15 | CVE-2007-3103 | Link Following vulnerability in multiple products The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. | 6.2 |
| 2007-06-26 | CVE-2007-3104 | Resource Management Errors vulnerability in Linux Kernel 2.6.0 The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry. | 4.9 |
| 2007-06-26 | CVE-2007-0773 | Unspecified vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1. | 4.6 |
| 2007-05-02 | CVE-2007-0771 | Local Denial of Service vulnerability in Linux Kernel UTrace The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c. | 4.9 |
| 2007-05-02 | CVE-2007-1859 | Improper Authentication vulnerability in Xscreensaver 4.10 XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication. | 4.6 |
| 2007-04-16 | CVE-2007-2030 | Unspecified vulnerability in Redhat Enterprise Linux and Fedora Core lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. | 4.9 |
| 2007-03-27 | CVE-2006-7176 | Localhost.Localdomain Email Spoofing vulnerability in Sendmail 8.13.1.2 The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. | 4.3 |
| 2007-03-20 | CVE-2007-0998 | Permissions, Privileges, and Access Controls vulnerability in XEN Qemu The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. | 4.3 |
| 2007-03-02 | CVE-2007-0001 | Local Denial of Service vulnerability in Redhat Enterprise Linux 4.0 The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped. local redhat | 4.7 |