Redhat: >> Enterprise Linux Desktop Security Vulnerabilities
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVSS Score
5.0
EPSS Score
0.093
Published
2005-12-31
udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-12-22
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).
CVSS Score
2.1
EPSS Score
0.001
Published
2005-10-25
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
CVSS Score
5.0
EPSS Score
0.208
Published
2005-10-25
init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure.
CVSS Score
7.2
EPSS Score
0.001
Published
2005-09-01
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
CVSS Score
5.0
EPSS Score
0.043
Published
2005-08-05
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.
CVSS Score
7.5
EPSS Score
0.005
Published
2005-06-13
The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-05-18
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-05-04
Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
CVSS Score
6.9
EPSS Score
0.007
Published
2005-05-02