Redhat: >> Enterprise Linux Desktop >> 3.0 Security Vulnerabilities
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVSS Score
5.0
EPSS Score
0.092
Published
2005-12-31
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
CVSS Score
5.0
EPSS Score
0.08
Published
2005-10-25
init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure.
CVSS Score
7.2
EPSS Score
0.001
Published
2005-09-01
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
CVSS Score
5.0
EPSS Score
0.043
Published
2005-08-05
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-06-13
The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-05-18
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-05-04
Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
CVSS Score
6.9
EPSS Score
0.002
Published
2005-05-02
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-05-02
Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale.
CVSS Score
7.5
EPSS Score
0.009
Published
2005-05-02