Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
There are 108 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2016-7091

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

Published: December 22, 2016; 4:59:00 PM -0500
V3.0: 4.4 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

Published: August 14, 2015; 2:59:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1565

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 09, 2015; 12:59:05 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5364

Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file.

Published: January 25, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2011-0536

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.

Published: April 08, 2011; 11:17:26 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-2526

The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.

Published: August 05, 2010; 9:22:29 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2010-2598

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."

Published: July 02, 2010; 8:43:53 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-1893

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.

Published: July 17, 2009; 12:30:00 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2009-1887

agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.

Published: June 26, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-2375

Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.

Published: July 08, 2008; 8:41:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2008-2366

Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path.

Published: June 16, 2008; 2:41:00 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2008-1767

Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

Published: May 23, 2008; 11:32:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-0889

Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script.

Published: March 19, 2008; 8:44:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2008-1198

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

Published: March 06, 2008; 4:44:00 PM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Published: November 07, 2007; 6:46:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2834

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

Published: September 18, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0004

The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.

Published: September 18, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2007-4137

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

Published: September 18, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2797

xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.

Published: August 27, 2007; 1:17:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2006-5752

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

Published: June 27, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM