VYPR
Vendor

Ltsp

Products
3
CVEs
4
Across products
4
Status
Private

Products

3

Recent CVEs

4
  • CVE-2016-4422CriMay 6, 2016
    risk 0.64cvss 9.8epss 0.02

    The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.

  • CVE-2019-20373HigJan 9, 2020
    risk 0.00cvss 7.8epss 0.00

    LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script.

  • CVE-2012-1166May 21, 2014
    risk 0.00cvss epss 0.05

    The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.

  • CVE-2008-1293Apr 29, 2008
    risk 0.00cvss epss 0.01

    ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6).