Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-08-12 | CVE-2002-0638 | setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. | 6.2 |
| 2002-05-29 | CVE-2002-0169 | Unspecified vulnerability in Redhat Docbook Stylesheets and Docbook Utils The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier. | 4.6 |
| 2001-12-21 | CVE-2001-0886 | Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character. | 4.6 |
| 2001-12-06 | CVE-2001-0859 | Unspecified vulnerability in Redhat Linux 7.1 2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions. | 5.0 |
| 2001-12-06 | CVE-2001-0852 | Denial of Service vulnerability in Redhat Linux 7.2 TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header. | 5.0 |
| 2001-11-28 | CVE-2001-0868 | Information Disclosure vulnerability in Redhat Stronghold 2.3/3.0 Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status. | 5.0 |
| 2001-10-18 | CVE-2001-0787 | Unspecified vulnerability in Redhat Linux 7.0/7.1 LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges. | 4.6 |
| 2001-09-26 | CVE-2001-1383 | Unspecified vulnerability in Redhat Linux 7.1 initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files. | 6.2 |
| 2001-09-20 | CVE-2001-0641 | Heap Overflow vulnerability in Man -S Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option. | 4.6 |
| 2001-09-12 | CVE-2001-1013 | Remote Username Enumeration vulnerability in Redhat Linux 7.0 Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server. | 5.0 |