Immunix

CVEs (26)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2002-0083	Cri	0.67	9.8	0.02	Mar 15, 2002	Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
CVE-2001-0736		0.03	—	0.00	Oct 18, 2001	Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.
CVE-2001-0641		0.03	—	0.00	Sep 20, 2001	Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.
CVE-2001-0170		0.03	—	0.01	Mar 26, 2001	glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
CVE-2000-1134		0.03	—	0.00	Jan 9, 2001	Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
CVE-2000-1095		0.03	—	0.00	Jan 9, 2001	modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
CVE-2000-0844		0.03	—	0.01	Nov 14, 2000	Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVE-2002-1565		0.00	—	0.01	Jun 16, 2003	Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.
CVE-2000-1208		0.00	—	0.00	Aug 12, 2002	Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
CVE-2001-0738		0.00	—	0.02	Oct 18, 2001	LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.
CVE-2001-1030		0.00	—	0.00	Jul 18, 2001	Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
CVE-2001-0416		0.00	—	0.00	Jun 27, 2001	sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
CVE-2001-0473		0.00	—	0.01	Jun 27, 2001	Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
CVE-2001-0118		0.00	—	0.00	Mar 12, 2001	rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
CVE-2001-0142		0.00	—	0.00	Mar 12, 2001	squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
CVE-2001-0116		0.00	—	0.00	Mar 12, 2001	gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
CVE-2001-0119		0.00	—	0.00	Mar 12, 2001	getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
CVE-2001-0120		0.00	—	0.00	Mar 12, 2001	useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.
CVE-2001-0140		0.00	—	0.00	Mar 12, 2001	arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
CVE-2001-0143		0.00	—	0.00	Mar 12, 2001	vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.

Page 1 of 2