Redhat: >> Enterprise Linux >> 4.0 Security Vulnerabilities
Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.
CVSS Score
4.9
EPSS Score
0.0
Published
2007-11-30
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
CVSS Score
7.5
EPSS Score
0.114
Published
2007-11-07
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.
CVSS Score
7.5
EPSS Score
0.034
Published
2007-09-18
Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.
CVSS Score
2.1
EPSS Score
0.001
Published
2007-09-17
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
CVSS Score
2.1
EPSS Score
0.001
Published
2007-08-27
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
CVSS Score
6.8
EPSS Score
0.087
Published
2007-08-25
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
CVSS Score
6.2
EPSS Score
0.001
Published
2007-07-15
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
CVSS Score
4.6
EPSS Score
0.0
Published
2007-05-02
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
CVSS Score
4.9
EPSS Score
0.0
Published
2007-04-16
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
CVSS Score
8.5
EPSS Score
0.075
Published
2007-04-06