VYPR

Secure Linux

by Trustix

CVEs (74)

  • CVE-2004-0685Dec 23, 2004
    risk 0.00cvss epss 0.00

    Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.

  • CVE-2004-0565Dec 6, 2004
    risk 0.00cvss epss 0.00

    Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

  • CVE-2004-0801Sep 16, 2004
    risk 0.00cvss epss 0.04

    Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.

  • CVE-2004-0421Aug 18, 2004
    risk 0.00cvss epss 0.04

    The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

  • CVE-2004-0535Aug 6, 2004
    risk 0.00cvss epss 0.00

    The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

  • CVE-2004-0686Jul 27, 2004
    risk 0.00cvss epss 0.04

    Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.

  • CVE-2002-1319Dec 11, 2002
    risk 0.00cvss epss 0.00

    The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.

  • CVE-2001-0739Oct 18, 2001
    risk 0.00cvss epss 0.00

    Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.

  • CVE-2001-1030Jul 18, 2001
    risk 0.00cvss epss 0.02

    Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

  • CVE-2001-1240Jul 11, 2001
    risk 0.00cvss epss 0.02

    The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.

  • CVE-2001-0117Mar 12, 2001
    risk 0.00cvss epss 0.00

    sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

  • CVE-2001-0142Mar 12, 2001
    risk 0.00cvss epss 0.00

    squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

  • CVE-2000-0867Nov 14, 2000
    risk 0.00cvss epss 0.00

    Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

  • CVE-2000-0791Oct 20, 2000
    risk 0.00cvss epss 0.00

    Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.

Page 4 of 4