Secure Linux
by Trustix
CVEs (74)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0685 | 0.00 | — | 0.00 | Dec 23, 2004 | Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage. | |||
| CVE-2004-0565 | 0.00 | — | 0.00 | Dec 6, 2004 | Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. | |||
| CVE-2004-0801 | 0.00 | — | 0.04 | Sep 16, 2004 | Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. | |||
| CVE-2004-0421 | 0.00 | — | 0.04 | Aug 18, 2004 | The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. | |||
| CVE-2004-0535 | 0.00 | — | 0.00 | Aug 6, 2004 | The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. | |||
| CVE-2004-0686 | 0.00 | — | 0.04 | Jul 27, 2004 | Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. | |||
| CVE-2002-1319 | 0.00 | — | 0.00 | Dec 11, 2002 | The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs. | |||
| CVE-2001-0739 | 0.00 | — | 0.00 | Oct 18, 2001 | Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges. | |||
| CVE-2001-1030 | 0.00 | — | 0.02 | Jul 18, 2001 | Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. | |||
| CVE-2001-1240 | 0.00 | — | 0.02 | Jul 11, 2001 | The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access. | |||
| CVE-2001-0117 | 0.00 | — | 0.00 | Mar 12, 2001 | sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack. | |||
| CVE-2001-0142 | 0.00 | — | 0.00 | Mar 12, 2001 | squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||
| CVE-2000-0867 | 0.00 | — | 0.00 | Nov 14, 2000 | Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. | |||
| CVE-2000-0791 | 0.00 | — | 0.00 | Oct 20, 2000 | Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse. |
- CVE-2004-0685Dec 23, 2004risk 0.00cvss —epss 0.00
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
- CVE-2004-0565Dec 6, 2004risk 0.00cvss —epss 0.00
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
- CVE-2004-0801Sep 16, 2004risk 0.00cvss —epss 0.04
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.
- CVE-2004-0421Aug 18, 2004risk 0.00cvss —epss 0.04
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
- CVE-2004-0535Aug 6, 2004risk 0.00cvss —epss 0.00
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
- CVE-2004-0686Jul 27, 2004risk 0.00cvss —epss 0.04
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
- CVE-2002-1319Dec 11, 2002risk 0.00cvss —epss 0.00
The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.
- CVE-2001-0739Oct 18, 2001risk 0.00cvss —epss 0.00
Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.
- CVE-2001-1030Jul 18, 2001risk 0.00cvss —epss 0.02
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
- CVE-2001-1240Jul 11, 2001risk 0.00cvss —epss 0.02
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
- CVE-2001-0117Mar 12, 2001risk 0.00cvss —epss 0.00
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
- CVE-2001-0142Mar 12, 2001risk 0.00cvss —epss 0.00
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
- CVE-2000-0867Nov 14, 2000risk 0.00cvss —epss 0.00
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
- CVE-2000-0791Oct 20, 2000risk 0.00cvss —epss 0.00
Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
Page 4 of 4