secure linux · threatengine.sh

Home/Product/trustix secure linux

Product

trustix secure linux

71 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors

Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string speci

Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_head

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extensi

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which al

The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, a

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of a

Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running

Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a den

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execut

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on tempo

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (und

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary co

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to exec

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corru

Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a cr

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a deni

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows loca

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name str

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, do

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arb

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and exe

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arb

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arb

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attacke

The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-asse

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial

Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and

Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local use

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH own

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in ker

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kern

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a c

Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execu

ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clie

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malf

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhausti

Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has

Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary c

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_glob

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code a

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privilege

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malic

Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which co

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arb

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_ac

The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that co

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain ro

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows loc

Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin