CVE-2009-1893
- EPSS 0.6%
- Veröffentlicht 17.07.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:18
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.
CVE-2009-1837
- EPSS 4.33%
- Veröffentlicht 12.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:09
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading,...
- EPSS 8.9%
- Veröffentlicht 09.04.2009 00:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:56
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code...
- EPSS 2.92%
- Veröffentlicht 12.02.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:01:39
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restric...
- EPSS 1.41%
- Veröffentlicht 27.11.2008 00:30:00
- Zuletzt bearbeitet 16.06.2026 22:57:34
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
CVE-2008-4315
- EPSS 2.7%
- Veröffentlicht 27.11.2008 00:30:00
- Zuletzt bearbeitet 16.06.2026 22:57:35
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password ...
CVE-2008-3825
- EPSS 0.35%
- Veröffentlicht 03.10.2008 15:07:10
- Zuletzt bearbeitet 16.06.2026 22:56:36
pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME en...
CVE-2008-4302
- EPSS 0.62%
- Veröffentlicht 29.09.2008 17:17:29
- Zuletzt bearbeitet 16.06.2026 22:57:33
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a deni...
CVE-2008-3270
- EPSS 0.83%
- Veröffentlicht 18.08.2008 17:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:30
yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of update...
CVE-2008-2365
- EPSS 0.53%
- Veröffentlicht 30.06.2008 21:41:00
- Zuletzt bearbeitet 16.06.2026 22:53:38
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another ...