| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-3301 |
|
|
DoS |
2013-04-29 |
2013-04-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. |
|
2 |
CVE-2013-2015 |
399 |
|
DoS |
2013-04-29 |
2013-04-29 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. |
|
3 |
CVE-2013-1928 |
200 |
|
+Info |
2013-04-29 |
2013-04-29 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. |
|
4 |
CVE-2013-1861 |
119 |
|
DoS Overflow |
2013-03-28 |
2013-03-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and unspecified versions of Oracle MySQL, allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. |
|
5 |
CVE-2013-1774 |
264 |
|
DoS |
2013-02-28 |
2013-03-01 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
|
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. |
|
6 |
CVE-2013-1773 |
119 |
1
|
DoS Overflow +Priv |
2013-02-28 |
2013-03-01 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. |
|
7 |
CVE-2013-0311 |
|
|
|
2013-02-21 |
2013-03-22 |
6.5 |
None |
Local Network |
High |
Single system |
Complete |
Complete |
Complete |
|
The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. |
|
8 |
CVE-2013-0310 |
119 |
|
DoS Overflow |
2013-02-21 |
2013-02-22 |
6.6 |
None |
Local |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. |
|
9 |
CVE-2013-0309 |
119 |
|
DoS Overflow |
2013-02-21 |
2013-02-22 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. |
|
10 |
CVE-2013-0219 |
264 |
|
|
2013-02-24 |
2013-02-25 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. |
|
11 |
CVE-2013-0200 |
59 |
|
|
2013-03-06 |
2013-03-07 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722. |
|
12 |
CVE-2012-6548 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. |
|
13 |
CVE-2012-6546 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
14 |
CVE-2012-6545 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. |
|
15 |
CVE-2012-6544 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. |
|
16 |
CVE-2012-6542 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. |
|
17 |
CVE-2012-6538 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. |
|
18 |
CVE-2012-6537 |
200 |
|
+Info |
2013-03-15 |
2013-05-14 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. |
|
19 |
CVE-2012-6137 |
255 |
|
+Info |
2013-05-21 |
2013-05-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials. |
|
20 |
CVE-2012-5536 |
20 |
|
+Priv +Info |
2013-02-21 |
2013-02-22 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo. |
|
21 |
CVE-2012-4546 |
16 |
|
Bypass |
2013-04-02 |
2013-04-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate. |
|
22 |
CVE-2012-4453 |
264 |
|
+Info |
2012-10-09 |
2013-01-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. |
|
23 |
CVE-2012-3440 |
59 |
|
|
2012-08-08 |
2012-08-08 |
5.6 |
None |
Local |
High |
Not required |
None |
Complete |
Complete |
|
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. |
|
24 |
CVE-2012-2697 |
20 |
|
DoS |
2013-02-24 |
2013-02-27 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via unspecified vectors related to "using an LDAP-based automount map." |
|
25 |
CVE-2012-2124 |
399 |
|
DoS |
2013-01-18 |
2013-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813. |
|
26 |
CVE-2012-1568 |
|
|
Bypass |
2013-03-01 |
2013-03-01 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries. |
|
27 |
CVE-2011-1576 |
119 |
|
DoS Overflow Mem. Corr. |
2011-08-31 |
2012-06-15 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. |
|
28 |
CVE-2011-1011 |
264 |
|
DoS +Priv |
2011-02-24 |
2011-09-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. |
|
29 |
CVE-2011-0714 |
399 |
|
DoS |
2011-05-04 |
2012-03-19 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function. |
|
30 |
CVE-2011-0536 |
|
|
+Priv |
2011-04-08 |
2012-01-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. |
|
31 |
CVE-2010-4161 |
399 |
|
DoS |
2010-12-30 |
2011-10-25 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158. |
|
32 |
CVE-2010-2598 |
20 |
|
DoS |
2010-07-02 |
2010-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." |
|
33 |
CVE-2010-0730 |
20 |
|
DoS |
2010-05-12 |
2012-03-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. |
|
34 |
CVE-2010-0729 |
264 |
|
+Priv |
2010-03-16 |
2010-08-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call. |
|
35 |
CVE-2010-0727 |
399 |
|
DoS |
2010-03-16 |
2012-03-19 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions. |
|
36 |
CVE-2009-4272 |
20 |
|
DoS |
2010-01-27 |
2012-03-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. |
|
37 |
CVE-2009-3556 |
264 |
|
|
2010-01-27 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. |
|
38 |
CVE-2009-1893 |
59 |
|
|
2009-07-17 |
2010-08-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command. |
|
39 |
CVE-2009-1887 |
189 |
|
DoS |
2009-06-26 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309. |
|
40 |
CVE-2008-4315 |
|
|
|
2008-11-26 |
2010-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. |
|
41 |
CVE-2008-4313 |
264 |
|
Bypass |
2008-11-26 |
2010-08-21 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services. |
|
42 |
CVE-2008-3825 |
264 |
|
+Priv |
2008-10-03 |
2011-02-17 |
4.4 |
User |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance. |
|
43 |
CVE-2008-3270 |
310 |
|
DoS |
2008-08-18 |
2010-08-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested. |
|
44 |
CVE-2008-2365 |
362 |
|
DoS |
2008-06-30 |
2012-03-19 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x. |
|
45 |
CVE-2008-1951 |
264 |
|
+Priv |
2008-06-25 |
2010-08-21 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus. |
|
46 |
CVE-2008-1767 |
119 |
|
DoS Exec Code Overflow |
2008-05-23 |
2012-10-30 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. |
|
47 |
CVE-2008-1615 |
399 |
|
DoS |
2008-05-07 |
2012-11-26 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. |
|
48 |
CVE-2008-1198 |
16 |
|
|
2008-03-06 |
2008-09-05 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash. |
|
49 |
CVE-2008-1036 |
79 |
|
XSS |
2008-06-02 |
2011-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. |
|
50 |
CVE-2007-6285 |
16 |
|
|
2007-12-20 |
2010-11-16 |
6.2 |
Admin |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. |
