ImmunixCVEs & Vulnerabilities

27 CVEs affecting Immunix products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

immunix 40stackguard 1
CVE-2002-1565HIGH

Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.

16 Jun 2003
7.5
CVSS
CVE-2000-1208HIGH

Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.

12 Aug 2002
7.2
CVSS
CVE-2002-0083CRITICALpoc

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

15 Mar 2002
9.8
CVSS
CVE-2001-0738MEDIUM

LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.

18 Oct 2001
5.0
CVSS
CVE-2001-0736LOWpoc

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

18 Oct 2001
2.1
CVSS
CVE-2001-0641MEDIUMpoc

Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.

20 Sep 2001
4.6
CVSS
CVE-2001-1030HIGH

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

18 Jul 2001
7.5
CVSS
CVE-2001-0416LOW

sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.

27 Jun 2001
2.1
CVSS
CVE-2001-0473HIGH

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

27 Jun 2001
7.5
CVSS
CVE-2001-0170LOWpoc

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

26 Mar 2001
2.1
CVSS
CVE-2001-0116LOW

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

12 Mar 2001
1.2
CVSS
CVE-2001-0117LOW

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

12 Mar 2001
1.2
CVSS
CVE-2001-0118LOW

rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.

12 Mar 2001
1.2
CVSS
CVE-2001-0119LOW

getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.

12 Mar 2001
1.2
CVSS
CVE-2001-0120LOW

useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.

12 Mar 2001
1.2
CVSS
CVE-2001-0138LOW

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

12 Mar 2001
1.2
CVSS
CVE-2001-0139LOW

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

12 Mar 2001
1.2
CVSS
CVE-2001-0140LOW

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

12 Mar 2001
1.2
CVSS
CVE-2001-0142LOW

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

12 Mar 2001
1.2
CVSS
CVE-2001-0143LOW

vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.

12 Mar 2001
1.2
CVSS
CVE-2000-1095HIGHpoc

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

9 Jan 2001
7.2
CVSS
CVE-2000-1134HIGHpoc

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

9 Jan 2001
7.2
CVSS
CVE-2000-0963HIGH

Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.

19 Dec 2000
7.2
CVSS
CVE-2000-0844CRITICALpoc

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

14 Nov 2000
10.0
CVSS
CVE-2000-1213HIGH

ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.

18 Oct 2000
7.5
CVSS
CVE-2000-1214MEDIUM

Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.

18 Oct 2000
4.6
CVSS
CVE-1999-1111HIGH

Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself.

9 Nov 1999
7.5
CVSS
← PrevPage 1 / 1Next →