Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Trustix Subscribe
Filtered by product Secure Linux
Total 66 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0809 8 Apache, Debian, Gentoo and 5 more 12 Http Server, Debian Linux, Linux and 9 more 2022-09-23 5.0 MEDIUM N/A
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
CVE-2004-0686 2 Samba, Trustix 2 Samba, Secure Linux 2022-08-29 5.0 MEDIUM N/A
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
CVE-2004-0493 5 Apache, Avaya, Gentoo and 2 more 8 Http Server, Converged Communications Server, S8300 and 5 more 2021-06-06 6.4 MEDIUM N/A
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
CVE-2004-0940 6 Apache, Hp, Openpkg and 3 more 6 Http Server, Hp-ux, Openpkg and 3 more 2021-06-06 6.9 MEDIUM N/A
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
CVE-2004-0957 6 Openpkg, Oracle, Redhat and 3 more 7 Openpkg, Mysql, Enterprise Linux and 4 more 2019-12-17 6.8 MEDIUM N/A
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
CVE-2000-0844 13 Caldera, Conectiva, Debian and 10 more 16 Openlinux, Openlinux Ebuilder, Openlinux Eserver and 13 more 2018-10-30 10.0 HIGH N/A
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVE-2004-1019 4 Openpkg, Php, Trustix and 1 more 4 Openpkg, Php, Secure Linux and 1 more 2018-10-30 10.0 HIGH N/A
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
CVE-2007-0907 2 Php, Trustix 2 Php, Secure Linux 2018-10-30 5.0 MEDIUM N/A
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
CVE-2004-0594 4 Avaya, Php, Redhat and 1 more 8 Converged Communications Server, Integrated Management, S8300 and 5 more 2018-10-30 5.1 MEDIUM N/A
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
CVE-2004-2546 2 Samba, Trustix 2 Samba, Secure Linux 2018-10-30 6.4 MEDIUM N/A
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
CVE-2004-0595 4 Avaya, Php, Redhat and 1 more 8 Converged Communications Server, Integrated Management, S8300 and 5 more 2018-10-30 6.8 MEDIUM N/A
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
CVE-2007-0905 2 Php, Trustix 2 Php, Secure Linux 2018-10-30 7.5 HIGH N/A
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.
CVE-2004-1065 4 Openpkg, Php, Trustix and 1 more 4 Openpkg, Php, Secure Linux and 1 more 2018-10-30 10.0 HIGH N/A
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
CVE-2007-0910 2 Php, Trustix 2 Php, Secure Linux 2018-10-30 10.0 HIGH N/A
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
CVE-2004-1154 4 Redhat, Samba, Suse and 1 more 4 Fedora Core, Samba, Suse Linux and 1 more 2018-10-30 10.0 HIGH N/A
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
CVE-2007-0906 2 Php, Trustix 2 Php, Secure Linux 2018-10-30 7.5 HIGH N/A
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
CVE-2007-0909 2 Php, Trustix 2 Php, Secure Linux 2018-10-30 7.5 HIGH N/A
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
CVE-2005-3624 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2018-10-19 5.0 MEDIUM N/A
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVE-2005-3625 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2018-10-19 10.0 HIGH N/A
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
CVE-2005-3626 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2018-10-19 5.0 MEDIUM N/A
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.