Redhat: >> Enterprise Linux >> 6.0 Security Vulnerabilities
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
CVSS Score
3.9
EPSS Score
0.0
Published
2025-06-09
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-03-27
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-03-27
A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-03-27
A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-03-27
A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-03-27
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-01-14
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
CVSS Score
6.5
EPSS Score
0.005
Published
2025-01-14
A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-09-19
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
CVSS Score
6.7
EPSS Score
0.001
Published
2024-06-12
Page 1