VYPR

Openlinux

by Caldera

CVEs (52)

  • CVE-2003-0658Oct 20, 2003
    risk 0.00cvss epss 0.02

    Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.

  • CVE-2002-1199Oct 28, 2002
    risk 0.00cvss epss 0.02

    The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

  • CVE-2002-0512Aug 12, 2002
    risk 0.00cvss epss 0.00

    startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.

  • CVE-2002-0759Aug 12, 2002
    risk 0.00cvss epss 0.01

    bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to…

  • CVE-2002-0511Aug 12, 2002
    risk 0.00cvss epss 0.02

    The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict…

  • CVE-2002-0164Mar 15, 2002
    risk 0.00cvss epss 0.00

    Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.

  • CVE-2001-0869Dec 21, 2001
    risk 0.00cvss epss 0.03

    Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

  • CVE-2001-0850Dec 6, 2001
    risk 0.00cvss epss 0.02

    A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.

  • CVE-2001-0851Dec 6, 2001
    risk 0.00cvss epss 0.03

    Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

  • CVE-2000-1195Aug 31, 2001
    risk 0.00cvss epss 0.02

    telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.

  • CVE-2000-0892Jul 21, 2001
    risk 0.00cvss epss 0.01

    Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.

  • CVE-2001-1030Jul 18, 2001
    risk 0.00cvss epss 0.02

    Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

  • CVE-2001-0980Jul 17, 2001
    risk 0.00cvss epss 0.02

    docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.

  • CVE-2001-0178Mar 26, 2001
    risk 0.00cvss epss 0.00

    kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

  • CVE-2001-0181Mar 26, 2001
    risk 0.00cvss epss 0.05

    Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands.

  • CVE-2001-0139Mar 12, 2001
    risk 0.00cvss epss 0.00

    inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

  • CVE-2000-0372Jul 12, 2000
    risk 0.00cvss epss 0.00

    Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.

  • CVE-2000-0566Jul 3, 2000
    risk 0.00cvss epss 0.00

    makewhatis in Linux man package allows local users to overwrite files via a symlink attack.

  • CVE-2000-0369Oct 8, 1999
    risk 0.00cvss epss 0.02

    The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.

  • CVE-1999-0880Oct 1, 1999
    risk 0.00cvss epss 0.01

    Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.