Redhat: >> Enterprise Linux >> 5.0 Security Vulnerabilities
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-01-27
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-01-09
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
CVSS Score
4.7
EPSS Score
0.005
Published
2019-12-31
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-12-19
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-11-27
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
CVSS Score
7.3
EPSS Score
0.005
Published
2019-11-27
Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.
CVSS Score
8.8
EPSS Score
0.042
Published
2019-11-26
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.
CVSS Score
7.1
EPSS Score
0.001
Published
2019-11-26
Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable.
CVSS Score
8.8
EPSS Score
0.031
Published
2019-11-26
libuser has information disclosure when moving user's home directory
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-25