Vendor CVEs
Trustix
All CVEs
81 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0977 | 0.00 | — | 0.00 | Feb 9, 2005 | The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. | |||
| CVE-2004-0976 | 0.00 | — | 0.00 | Feb 9, 2005 | Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | |||
| CVE-2004-0974 | 0.00 | — | 0.00 | Feb 9, 2005 | The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||
| CVE-2004-0975 | 0.00 | — | 0.00 | Feb 9, 2005 | The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | |||
| CVE-2004-0957 | 0.00 | — | 0.02 | Feb 9, 2005 | Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. | |||
| CVE-2004-0971 | 0.00 | — | 0.00 | Feb 9, 2005 | The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||
| CVE-2004-0967 | 0.00 | — | 0.00 | Feb 9, 2005 | The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. | |||
| CVE-2004-0886 | 0.00 | — | 0.05 | Jan 27, 2005 | Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | |||
| CVE-2004-1070 | 0.00 | — | 0.01 | Jan 10, 2005 | The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid… | |||
| CVE-2004-0949 | 0.00 | — | 0.03 | Jan 10, 2005 | The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to… | |||
| CVE-2004-0883 | 0.00 | — | 0.04 | Jan 10, 2005 | Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read… | |||
| CVE-2004-1071 | 0.00 | — | 0.01 | Jan 10, 2005 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. | |||
| CVE-2004-1072 | 0.00 | — | 0.01 | Jan 10, 2005 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to… | |||
| CVE-2004-1013 | 0.00 | — | 0.06 | Jan 10, 2005 | The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an… | |||
| CVE-2004-1011 | 0.00 | — | 0.06 | Jan 10, 2005 | Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. | |||
| CVE-2004-1012 | 0.00 | — | 0.06 | Jan 10, 2005 | The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to… | |||
| CVE-2004-2546 | 0.00 | — | 0.03 | Dec 31, 2004 | Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). | |||
| CVE-2004-0685 | 0.00 | — | 0.00 | Dec 23, 2004 | Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage. | |||
| CVE-2004-0565 | 0.00 | — | 0.00 | Dec 6, 2004 | Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. | |||
| CVE-2004-0801 | 0.00 | — | 0.04 | Sep 16, 2004 | Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. | |||
| CVE-2004-0421 | 0.00 | — | 0.04 | Aug 18, 2004 | The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. | |||
| CVE-2004-0535 | 0.00 | — | 0.00 | Aug 6, 2004 | The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. | |||
| CVE-2004-0686 | 0.00 | — | 0.04 | Jul 27, 2004 | Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. | |||
| CVE-2002-1319 | 0.00 | — | 0.00 | Dec 11, 2002 | The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs. | |||
| CVE-2001-0739 | 0.00 | — | 0.00 | Oct 18, 2001 | Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges. | |||
| CVE-2001-1030 | 0.00 | — | 0.02 | Jul 18, 2001 | Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. | |||
| CVE-2001-1240 | 0.00 | — | 0.02 | Jul 11, 2001 | The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access. | |||
| CVE-2001-0117 | 0.00 | — | 0.00 | Mar 12, 2001 | sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack. | |||
| CVE-2001-0142 | 0.00 | — | 0.00 | Mar 12, 2001 | squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||
| CVE-2000-0867 | 0.00 | — | 0.00 | Nov 14, 2000 | Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. | |||
| CVE-2000-0791 | 0.00 | — | 0.00 | Oct 20, 2000 | Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse. |
- CVE-2004-0977Feb 9, 2005risk 0.00cvss —epss 0.00
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
- CVE-2004-0976Feb 9, 2005risk 0.00cvss —epss 0.00
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
- CVE-2004-0974Feb 9, 2005risk 0.00cvss —epss 0.00
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
- CVE-2004-0975Feb 9, 2005risk 0.00cvss —epss 0.00
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
- CVE-2004-0957Feb 9, 2005risk 0.00cvss —epss 0.02
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
- CVE-2004-0971Feb 9, 2005risk 0.00cvss —epss 0.00
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
- CVE-2004-0967Feb 9, 2005risk 0.00cvss —epss 0.00
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
- CVE-2004-0886Jan 27, 2005risk 0.00cvss —epss 0.05
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
- CVE-2004-1070Jan 10, 2005risk 0.00cvss —epss 0.01
The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid…
- CVE-2004-0949Jan 10, 2005risk 0.00cvss —epss 0.03
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to…
- CVE-2004-0883Jan 10, 2005risk 0.00cvss —epss 0.04
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read…
- CVE-2004-1071Jan 10, 2005risk 0.00cvss —epss 0.01
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.
- CVE-2004-1072Jan 10, 2005risk 0.00cvss —epss 0.01
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to…
- CVE-2004-1013Jan 10, 2005risk 0.00cvss —epss 0.06
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an…
- CVE-2004-1011Jan 10, 2005risk 0.00cvss —epss 0.06
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
- CVE-2004-1012Jan 10, 2005risk 0.00cvss —epss 0.06
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to…
- CVE-2004-2546Dec 31, 2004risk 0.00cvss —epss 0.03
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
- CVE-2004-0685Dec 23, 2004risk 0.00cvss —epss 0.00
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
- CVE-2004-0565Dec 6, 2004risk 0.00cvss —epss 0.00
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
- CVE-2004-0801Sep 16, 2004risk 0.00cvss —epss 0.04
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.
- CVE-2004-0421Aug 18, 2004risk 0.00cvss —epss 0.04
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
- CVE-2004-0535Aug 6, 2004risk 0.00cvss —epss 0.00
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
- CVE-2004-0686Jul 27, 2004risk 0.00cvss —epss 0.04
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
- CVE-2002-1319Dec 11, 2002risk 0.00cvss —epss 0.00
The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.
- CVE-2001-0739Oct 18, 2001risk 0.00cvss —epss 0.00
Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.
- CVE-2001-1030Jul 18, 2001risk 0.00cvss —epss 0.02
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
- CVE-2001-1240Jul 11, 2001risk 0.00cvss —epss 0.02
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
- CVE-2001-0117Mar 12, 2001risk 0.00cvss —epss 0.00
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
- CVE-2001-0142Mar 12, 2001risk 0.00cvss —epss 0.00
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
- CVE-2000-0867Nov 14, 2000risk 0.00cvss —epss 0.00
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
- CVE-2000-0791Oct 20, 2000risk 0.00cvss —epss 0.00
Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
Page 2 of 2