VYPR

Openlinux

by Caldera

CVEs (52)

  • CVE-1999-0043CriDec 4, 1996
    risk 0.67cvss 9.8epss 0.45

    Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

  • CVE-2000-0917Dec 19, 2000
    risk 0.09cvss epss 0.79

    Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

  • CVE-1999-0368Feb 9, 1999
    risk 0.06cvss epss 0.39

    Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

  • CVE-1999-0002Oct 12, 1998
    risk 0.05cvss epss 0.28

    Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

  • CVE-2000-0844Nov 14, 2000
    risk 0.04cvss epss 0.15

    Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

  • CVE-2000-0594Jul 4, 2000
    risk 0.04cvss epss 0.10

    BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

  • CVE-2000-0491May 24, 2000
    risk 0.04cvss epss 0.18

    Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.

  • CVE-1999-0879Oct 1, 1999
    risk 0.04cvss epss 0.10

    Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.

  • CVE-1999-0009Apr 8, 1998
    risk 0.04cvss epss 0.29

    Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

  • CVE-1999-0042Apr 7, 1997
    risk 0.04cvss epss 0.13

    Buffer overflow in University of Washington's implementation of IMAP and POP servers.

  • CVE-2002-0004Feb 27, 2002
    risk 0.03cvss epss 0.01

    Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

  • CVE-2000-1134Jan 9, 2001
    risk 0.03cvss epss 0.01

    Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

  • CVE-2000-0530May 31, 2000
    risk 0.03cvss epss 0.01

    The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.

  • CVE-2000-0438May 22, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.

  • CVE-2000-0192Mar 5, 2000
    risk 0.03cvss epss 0.06

    The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system.

  • CVE-2000-0218Feb 3, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.

  • CVE-2000-0531Nov 23, 1999
    risk 0.03cvss epss 0.01

    Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.

  • CVE-1999-0769Aug 25, 1999
    risk 0.03cvss epss 0.01

    Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

  • CVE-2002-0835Oct 4, 2002
    risk 0.01cvss epss 0.07

    Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.

  • CVE-1999-0104Dec 16, 1997
    risk 0.01cvss epss 0.09

    A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.

Page 1 of 3