Openlinux
by Caldera
CVEs (52)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0658 | 0.00 | — | 0.02 | Oct 20, 2003 | Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules. | |||
| CVE-2002-1199 | 0.00 | — | 0.02 | Oct 28, 2002 | The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments. | |||
| CVE-2002-0512 | 0.00 | — | 0.00 | Aug 12, 2002 | startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries. | |||
| CVE-2002-0759 | 0.00 | — | 0.01 | Aug 12, 2002 | bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to… | |||
| CVE-2002-0511 | 0.00 | — | 0.02 | Aug 12, 2002 | The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict… | |||
| CVE-2002-0164 | 0.00 | — | 0.00 | Mar 15, 2002 | Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges. | |||
| CVE-2001-0869 | 0.00 | — | 0.03 | Dec 21, 2001 | Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands. | |||
| CVE-2001-0850 | 0.00 | — | 0.02 | Dec 6, 2001 | A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow. | |||
| CVE-2001-0851 | 0.00 | — | 0.03 | Dec 6, 2001 | Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie. | |||
| CVE-2000-1195 | 0.00 | — | 0.02 | Aug 31, 2001 | telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option. | |||
| CVE-2000-0892 | 0.00 | — | 0.01 | Jul 21, 2001 | Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL. | |||
| CVE-2001-1030 | 0.00 | — | 0.02 | Jul 18, 2001 | Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. | |||
| CVE-2001-0980 | 0.00 | — | 0.02 | Jul 17, 2001 | docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page. | |||
| CVE-2001-0178 | 0.00 | — | 0.00 | Mar 26, 2001 | kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges. | |||
| CVE-2001-0181 | 0.00 | — | 0.05 | Mar 26, 2001 | Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands. | |||
| CVE-2001-0139 | 0.00 | — | 0.00 | Mar 12, 2001 | inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||
| CVE-2000-0372 | 0.00 | — | 0.00 | Jul 12, 2000 | Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges. | |||
| CVE-2000-0566 | 0.00 | — | 0.00 | Jul 3, 2000 | makewhatis in Linux man package allows local users to overwrite files via a symlink attack. | |||
| CVE-2000-0369 | 0.00 | — | 0.02 | Oct 8, 1999 | The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service. | |||
| CVE-1999-0880 | 0.00 | — | 0.01 | Oct 1, 1999 | Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. |
- CVE-2003-0658Oct 20, 2003risk 0.00cvss —epss 0.02
Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
- CVE-2002-1199Oct 28, 2002risk 0.00cvss —epss 0.02
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
- CVE-2002-0512Aug 12, 2002risk 0.00cvss —epss 0.00
startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.
- CVE-2002-0759Aug 12, 2002risk 0.00cvss —epss 0.01
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to…
- CVE-2002-0511Aug 12, 2002risk 0.00cvss —epss 0.02
The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict…
- CVE-2002-0164Mar 15, 2002risk 0.00cvss —epss 0.00
Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.
- CVE-2001-0869Dec 21, 2001risk 0.00cvss —epss 0.03
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.
- CVE-2001-0850Dec 6, 2001risk 0.00cvss —epss 0.02
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.
- CVE-2001-0851Dec 6, 2001risk 0.00cvss —epss 0.03
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
- CVE-2000-1195Aug 31, 2001risk 0.00cvss —epss 0.02
telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.
- CVE-2000-0892Jul 21, 2001risk 0.00cvss —epss 0.01
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.
- CVE-2001-1030Jul 18, 2001risk 0.00cvss —epss 0.02
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
- CVE-2001-0980Jul 17, 2001risk 0.00cvss —epss 0.02
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.
- CVE-2001-0178Mar 26, 2001risk 0.00cvss —epss 0.00
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
- CVE-2001-0181Mar 26, 2001risk 0.00cvss —epss 0.05
Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands.
- CVE-2001-0139Mar 12, 2001risk 0.00cvss —epss 0.00
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
- CVE-2000-0372Jul 12, 2000risk 0.00cvss —epss 0.00
Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.
- CVE-2000-0566Jul 3, 2000risk 0.00cvss —epss 0.00
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
- CVE-2000-0369Oct 8, 1999risk 0.00cvss —epss 0.02
The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.
- CVE-1999-0880Oct 1, 1999risk 0.00cvss —epss 0.01
Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.
Page 2 of 3