Vulnerabilities (CVE)

Filtered by vendor Trustix Subscribe
Filtered by product Secure Linux
Total 66 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0803 9 Apple, Kde, Libtiff and 6 more 13 Mac Os X, Mac Os X Server, Kde and 10 more 2024-11-20 7.5 HIGH N/A
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
CVE-2004-0801 4 Conectiva, Linuxprinting.org, Sun and 1 more 4 Linux, Foomatic-filters, Java Desktop System and 1 more 2024-11-20 7.5 HIGH N/A
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.
CVE-2004-0686 2 Samba, Trustix 2 Samba, Secure Linux 2024-11-20 5.0 MEDIUM N/A
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
CVE-2004-0685 3 Linux, Redhat, Trustix 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more 2024-11-20 4.6 MEDIUM N/A
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
CVE-2004-0600 2 Samba, Trustix 2 Samba, Secure Linux 2024-11-20 10.0 HIGH N/A
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
CVE-2004-0595 4 Avaya, Php, Redhat and 1 more 8 Converged Communications Server, Integrated Management, S8300 and 5 more 2024-11-20 6.8 MEDIUM N/A
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
CVE-2004-0594 6 Avaya, Debian, Hp and 3 more 6 Converged Communications Server, Debian Linux, Hp-ux and 3 more 2024-11-20 5.1 MEDIUM N/A
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
CVE-2004-0565 4 Gentoo, Linux, Mandrakesoft and 1 more 6 Linux, Linux Kernel, Mandrake Linux and 3 more 2024-11-20 2.1 LOW N/A
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
CVE-2004-0497 7 Conectiva, Gentoo, Linux and 4 more 9 Linux, Linux, Linux Kernel and 6 more 2024-11-20 2.1 LOW N/A
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
CVE-2004-0493 5 Apache, Avaya, Gentoo and 2 more 8 Http Server, Converged Communications Server, S8300 and 5 more 2024-11-20 6.4 MEDIUM N/A
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
CVE-2004-0432 3 Gentoo, Proftpd Project, Trustix 3 Linux, Proftpd, Secure Linux 2024-11-20 7.5 HIGH N/A
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
CVE-2004-0421 4 Libpng, Openpkg, Redhat and 1 more 6 Libpng, Openpkg, Enterprise Linux and 3 more 2024-11-20 5.0 MEDIUM N/A
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
CVE-2004-0415 3 Linux, Redhat, Trustix 3 Linux Kernel, Fedora Core, Secure Linux 2024-11-20 2.1 LOW N/A
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
CVE-2004-0077 4 Linux, Netwosix, Redhat and 1 more 7 Linux Kernel, Netwosix Linux, Bigmem Kernel and 4 more 2024-11-20 7.2 HIGH N/A
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
CVE-2002-1319 2 Linux, Trustix 2 Linux Kernel, Secure Linux 2024-11-20 2.1 LOW N/A
The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.
CVE-2002-0083 9 Conectiva, Engardelinux, Immunix and 6 more 11 Linux, Secure Linux, Immunix and 8 more 2024-11-20 10.0 HIGH 9.8 CRITICAL
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
CVE-2001-1030 6 Caldera, Immunix, Mandrakesoft and 3 more 8 Openlinux Server, Immunix, Mandrake Linux and 5 more 2024-11-20 7.5 HIGH N/A
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
CVE-2001-0169 4 Mandrakesoft, Redhat, Trustix and 1 more 5 Mandrake Linux, Mandrake Linux Corporate Server, Linux and 2 more 2024-11-20 2.1 LOW N/A
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
CVE-2001-0142 5 Immunix, Mandrakesoft, National Science Foundation and 2 more 5 Immunix, Mandrake Linux, Squid Web Proxy and 2 more 2024-11-20 1.2 LOW N/A
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
CVE-2001-0117 4 Immunix, Mandrakesoft, Redhat and 1 more 5 Immunix, Mandrake Linux, Mandrake Linux Corporate Server and 2 more 2024-11-20 1.2 LOW N/A
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.