CVE Daily
← All tags

Tag: Red Hat Enterprise Linux

All CVEs associated with "Red Hat Enterprise Linux". Page 2/2 • 205 CVEs.

Subscribe CVEs: RSS for “Red Hat Enterprise Linux”  ·  RSS (High+Critical only)

About “Red Hat Enterprise Linux”

A curated feed of “Red Hat Enterprise Linux”-related CVEs appears below. We currently track 205 CVEs for this tag (all time). In the last 365 days, 7 were published. Average CVSS is 5.9 (all time; 5.9 over 365d), and 35% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-61 - UNIX Symbolic Link (Symlink) Following, CWE-416 - Use After Free, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2013-04-03
Medium

CVE-2012-4546

The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica,…

CVSS: 4.3 CWE: CWE-16 View on NVD
2013-03-01
Low

CVE-2012-1568

The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bi…

CVSS: 1.9 CWE: N/A View on NVD
2013-02-24
Medium

CVE-2012-2697

Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via…

CVSS: 4.9 CWE: CWE-20 - Improper Input Validation View on NVD
2013-02-22
Medium

CVE-2012-5536

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase,…

CVSS: 6.2 CWE: CWE-20 - Improper Input Validation View on NVD
2013-01-18
Medium

CVE-2012-2124

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial…

CVSS: 5.0 CWE: CWE-399 View on NVD
2012-10-09
Low

CVE-2012-4453

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to o…

CVSS: 2.1 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Low

CVE-2012-4452

MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX…

CVSS: 2.1 CWE: CWE-264 View on NVD
2012-08-08
Medium

CVE-2012-3440

A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.

CVSS: 5.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2012-06-16
Medium

CVE-2012-1145

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remot…

CVSS: 5.0 CWE: CWE-287 - Improper Authentication View on NVD
2011-12-15
Low

CVE-2011-4339

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for…

CVSS: 3.6 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2011-08-31
Medium

CVE-2011-1576

The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV)…

CVSS: 5.7 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2011-05-04
Medium

CVE-2011-0714

Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause…

CVSS: 5.7 CWE: CWE-399 View on NVD
2011-04-08
Medium

CVE-2011-0536

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in…

CVSS: 6.9 CWE: N/A View on NVD
2011-02-24
Medium

CVE-2011-1011

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and…

CVSS: 6.9 CWE: CWE-264 View on NVD
2011-01-22
Medium

CVE-2010-4238

The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted ac…

CVSS: 5.5 CWE: CWE-264 View on NVD
2010-12-30
Medium

CVE-2010-4161

The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and…

CVSS: 4.9 CWE: CWE-399 View on NVD
2010-10-08
Medium

CVE-2010-2938

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Ta…

CVSS: 4.9 CWE: CWE-399 View on NVD
2010-08-05
Medium

CVE-2009-2696

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Lin…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-07-02
Medium

CVE-2010-2598

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2010-06-07
Low

CVE-2010-1439

yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, wh…

CVSS: 3.6 CWE: CWE-264 View on NVD
2010-05-12
Low

CVE-2010-0730

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vecto…

CVSS: 2.6 CWE: CWE-20 - Improper Input Validation View on NVD
2010-03-16
Medium

CVE-2010-0729

A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via…

CVSS: 6.9 CWE: CWE-264 View on NVD
Medium

CVE-2010-0727

The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX lo…

CVSS: 4.9 CWE: CWE-399 View on NVD
2010-01-27
High

CVE-2009-4272

A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that f…

CVSS: 7.5 CWE: CWE-667 - Improper Locking View on NVD
Low

CVE-2009-3556

A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable…

CVSS: 1.9 CWE: CWE-264 View on NVD
2009-10-01
Medium

CVE-2009-2904

A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privilege…

CVSS: 6.9 CWE: CWE-16 View on NVD
2009-09-04
Medium

CVE-2009-2697

The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended acc…

CVSS: 6.8 CWE: CWE-287 - Improper Authentication View on NVD
2009-08-28
High

CVE-2009-2695

The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL point…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2009-07-17
Medium

CVE-2009-1893

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified tem…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-06-26
Medium

CVE-2009-1887

agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers…

CVSS: 5.0 CWE: CWE-369 - Divide By Zero View on NVD
2009-05-28
Medium

CVE-2009-1384

pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumer…

CVSS: 5.0 CWE: CWE-287 - Improper Authentication View on NVD
2009-03-31
High

CVE-2008-6560

Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption)…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2009-02-20
Medium

CVE-2009-0577

Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that trigg…

CVSS: 6.8 CWE: CWE-189 View on NVD
2008-12-09
High

CVE-2008-4310

httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE:…

CVSS: 7.8 CWE: CWE-399 View on NVD
2008-11-27
Medium

CVE-2008-4315

tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier f…

CVSS: 6.8 CWE: N/A View on NVD
2008-11-01
Low

CVE-2008-4870

dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.

CVSS: 2.1 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2008-10-03
Medium

CVE-2008-3825

pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local us…

CVSS: 4.4 CWE: CWE-264 View on NVD
2008-08-27
Critical

CVE-2008-3844

Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that al…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
2008-08-18
Low

CVE-2008-3270

yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle att…

CVSS: 2.6 CWE: CWE-310 View on NVD
2008-08-01
High

CVE-2008-1376

A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restr…

CVSS: 7.5 CWE: CWE-264 View on NVD
2008-07-09
High

CVE-2008-2375

Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumpti…

CVSS: 7.1 CWE: CWE-399 View on NVD
2008-06-30
Medium

CVE-2008-2365

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a lo…

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2008-2944

Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oop…

CVSS: 4.9 CWE: CWE-415 - Double Free View on NVD
2008-06-25
Medium

CVE-2008-1951

Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (R…

CVSS: 4.6 CWE: CWE-264 View on NVD
2008-06-16
Medium

CVE-2008-2366

Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious l…

CVSS: 4.4 CWE: CWE-16 View on NVD
2008-06-02
Medium

CVE-2008-1036

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversio…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2008-05-22
High

CVE-2007-5962

Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to ca…

CVSS: 7.1 CWE: CWE-399 View on NVD
2008-04-04
Medium

CVE-2008-0884

The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of…

CVSS: 6.9 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2008-1374

Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this…

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2008-03-20
Low

CVE-2008-0889

Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying th…

CVSS: 2.1 CWE: CWE-264 View on NVD
2008-03-06
High

CVE-2008-1198

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brut…

CVSS: 7.1 CWE: N/A View on NVD
2008-02-05
High

CVE-2007-4130

The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denia…

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
2007-12-20
Medium

CVE-2007-6285

The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows…

CVSS: 6.2 CWE: CWE-16 View on NVD
2007-12-18
Medium

CVE-2007-6283

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of…

CVSS: 4.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2007-12-13
Medium

CVE-2007-5964

The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to…

CVSS: 6.9 CWE: CWE-16 View on NVD
2007-11-30
Medium

CVE-2007-5494

Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open…

CVSS: 4.9 CWE: CWE-399 View on NVD
2007-10-23
Medium

CVE-2007-4574

Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vector…

CVSS: 4.7 CWE: N/A View on NVD
2007-09-25
Medium

CVE-2007-5079

Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions.

CVSS: 6.0 CWE: N/A View on NVD
2007-09-18
Low

CVE-2007-0004

The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (m…

CVSS: 1.9 CWE: CWE-264 View on NVD
Low

CVE-2007-1865

The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allows local users to obtain sensitive information (kernel memory contents) via a negative value of the…

CVSS: 1.9 CWE: CWE-189 View on NVD
2007-09-17
Low

CVE-2007-3379

Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_g…

CVSS: 2.1 CWE: N/A View on NVD
2007-09-05
Low

CVE-2007-3849

Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent a…

CVSS: 1.9 CWE: CWE-264 View on NVD
2007-08-27
Low

CVE-2007-2797

xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.

CVSS: 2.1 CWE: N/A View on NVD
2007-07-19
Medium

CVE-2007-3908

Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat Enterprise Linux (RHEL) 2.1 SG A.11.14.04 through A.11.14.06; RHEL 3.0 SG A.11.16.04 through A.11.16.10; and ServiceGuard Cluster Ob…

CVSS: 4.6 CWE: N/A View on NVD
2007-06-26
Medium

CVE-2007-3104

The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a…

CVSS: 4.9 CWE: CWE-399 View on NVD
2007-03-27
High

CVE-2006-7175

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used tha…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-7176

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which mi…

CVSS: 4.3 CWE: N/A View on NVD
2007-03-02
Medium

CVE-2007-0001

The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a…

CVSS: 4.7 CWE: N/A View on NVD
2007-02-16
Critical

CVE-2007-0980

Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RH…

CVSS: 10.0 CWE: N/A View on NVD
2006-10-17
Medium

CVE-2006-4342

The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl…

CVSS: 5.5 CWE: CWE-667 - Improper Locking View on NVD
2006-10-10
High

CVE-2006-5170

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a Passwo…

CVSS: 7.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
2006-08-11
Low

CVE-2006-3813

A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information.

CVSS: 2.1 CWE: N/A View on NVD
2006-07-27
Medium

CVE-2006-2933

kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually l…

CVSS: 4.6 CWE: N/A View on NVD
2005-12-31
Low

CVE-2005-1918

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwr…

CVSS: 2.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2005-3629

initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to ga…

CVSS: 7.2 CWE: N/A View on NVD
2005-10-25
Low

CVE-2005-2100

The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of servi…

CVSS: 2.1 CWE: N/A View on NVD
2005-09-01
High

CVE-2005-0403

init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial…

CVSS: 7.2 CWE: N/A View on NVD
2005-05-18
Low

CVE-2005-0757

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system cras…

CVSS: 2.1 CWE: N/A View on NVD
2005-05-02
High

CVE-2005-0086

Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrat…

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2005-0090

A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).

CVSS: 2.1 CWE: N/A View on NVD
High

CVE-2005-0091

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges…

CVSS: 7.2 CWE: N/A View on NVD
2005-04-14
Low

CVE-2004-1237

Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.

CVSS: 2.1 CWE: N/A View on NVD
2005-02-19
Low

CVE-2005-0092

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).

CVSS: 2.1 CWE: N/A View on NVD
2004-12-31
Low

CVE-2004-0491

The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to m…

CVSS: 2.1 CWE: N/A View on NVD
2003-05-12
High

CVE-2003-0084

mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands v…

CVSS: 7.5 CWE: N/A View on NVD