VYPR

Vendor CVEs

Trustix

All CVEs

81 total · sorted by risk
  • CVE-2004-0977Feb 9, 2005
    risk 0.00cvss epss 0.00

    The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0976Feb 9, 2005
    risk 0.00cvss epss 0.00

    Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0974Feb 9, 2005
    risk 0.00cvss epss 0.00

    The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0975Feb 9, 2005
    risk 0.00cvss epss 0.00

    The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0957Feb 9, 2005
    risk 0.00cvss epss 0.02

    Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

  • CVE-2004-0971Feb 9, 2005
    risk 0.00cvss epss 0.00

    The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0967Feb 9, 2005
    risk 0.00cvss epss 0.00

    The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0886Jan 27, 2005
    risk 0.00cvss epss 0.05

    Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

  • CVE-2004-1070Jan 10, 2005
    risk 0.00cvss epss 0.01

    The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid…

  • CVE-2004-0949Jan 10, 2005
    risk 0.00cvss epss 0.03

    The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to…

  • CVE-2004-0883Jan 10, 2005
    risk 0.00cvss epss 0.04

    Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read…

  • CVE-2004-1071Jan 10, 2005
    risk 0.00cvss epss 0.01

    The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

  • CVE-2004-1072Jan 10, 2005
    risk 0.00cvss epss 0.01

    The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to…

  • CVE-2004-1013Jan 10, 2005
    risk 0.00cvss epss 0.06

    The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an…

  • CVE-2004-1011Jan 10, 2005
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

  • CVE-2004-1012Jan 10, 2005
    risk 0.00cvss epss 0.06

    The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to…

  • CVE-2004-2546Dec 31, 2004
    risk 0.00cvss epss 0.03

    Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).

  • CVE-2004-0685Dec 23, 2004
    risk 0.00cvss epss 0.00

    Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.

  • CVE-2004-0565Dec 6, 2004
    risk 0.00cvss epss 0.00

    Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

  • CVE-2004-0801Sep 16, 2004
    risk 0.00cvss epss 0.04

    Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.

  • CVE-2004-0421Aug 18, 2004
    risk 0.00cvss epss 0.04

    The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

  • CVE-2004-0535Aug 6, 2004
    risk 0.00cvss epss 0.00

    The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

  • CVE-2004-0686Jul 27, 2004
    risk 0.00cvss epss 0.04

    Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.

  • CVE-2002-1319Dec 11, 2002
    risk 0.00cvss epss 0.00

    The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.

  • CVE-2001-0739Oct 18, 2001
    risk 0.00cvss epss 0.00

    Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.

  • CVE-2001-1030Jul 18, 2001
    risk 0.00cvss epss 0.02

    Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

  • CVE-2001-1240Jul 11, 2001
    risk 0.00cvss epss 0.02

    The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.

  • CVE-2001-0117Mar 12, 2001
    risk 0.00cvss epss 0.00

    sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

  • CVE-2001-0142Mar 12, 2001
    risk 0.00cvss epss 0.00

    squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

  • CVE-2000-0867Nov 14, 2000
    risk 0.00cvss epss 0.00

    Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

  • CVE-2000-0791Oct 20, 2000
    risk 0.00cvss epss 0.00

    Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.

Page 2 of 2