TurbolinuxCVEs & Vulnerabilities

40 CVEs affecting Turbolinux products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

turbolinux server 54turbolinux 45turbolinux workstation 39turbolinux desktop 8turbolinux appliance server 8turbolinux home 6turbolinux multimedia 3turbolinux personal 3
CVE-2007-1352LOW

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

6 Apr 2007
3.8
CVSS
CVE-2005-3624MEDIUM

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

31 Dec 2005
5.0
CVSS
CVE-2005-3625CRITICAL

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

31 Dec 2005
10.0
CVSS
CVE-2005-3626MEDIUM

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

31 Dec 2005
5.0
CVSS
CVE-2005-0988LOW

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

2 May 2005
3.7
CVSS
CVE-2004-1004HIGH

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

14 Apr 2005
7.5
CVSS
CVE-2004-1005HIGH

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

14 Apr 2005
7.5
CVSS
CVE-2004-1009MEDIUM

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

14 Apr 2005
5.0
CVSS
CVE-2004-1090MEDIUM

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

14 Apr 2005
5.0
CVSS
CVE-2004-1091MEDIUM

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

14 Apr 2005
5.0
CVSS
CVE-2004-1092MEDIUM

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

14 Apr 2005
5.0
CVSS
CVE-2004-1093MEDIUM

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

14 Apr 2005
5.0
CVSS
CVE-2004-1174MEDIUM

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

14 Apr 2005
5.0
CVSS
CVE-2004-1175HIGH

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

14 Apr 2005
7.5
CVSS
CVE-2004-1176HIGH

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

14 Apr 2005
7.5
CVSS
CVE-2004-1070HIGH

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

10 Jan 2005
7.2
CVSS
CVE-2004-1071HIGH

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

10 Jan 2005
7.2
CVSS
CVE-2004-1072HIGH

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

10 Jan 2005
7.2
CVSS
CVE-2004-1074LOWpoc

The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.

10 Jan 2005
2.1
CVSS
CVE-2004-1073LOWpoc

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

10 Jan 2005
2.1
CVSS
CVE-2004-0802MEDIUM

Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

31 Dec 2004
5.1
CVSS
CVE-2004-0817HIGH

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

31 Dec 2004
7.5
CVSS
CVE-2004-1377LOW

The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

27 Dec 2004
2.1
CVSS
CVE-2004-0809MEDIUM

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

16 Sep 2004
5.0
CVSS
CVE-2004-0827HIGH

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

16 Sep 2004
7.5
CVSS
CVE-2003-0694CRITICAL

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

6 Oct 2003
10.0
CVSS
CVE-2003-0681HIGHpoc

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

6 Oct 2003
7.5
CVSS
CVE-2003-0370HIGH

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

16 Jun 2003
7.5
CVSS
CVE-2001-0169LOWpoc

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

26 Mar 2001
2.1
CVSS
CVE-2000-0844CRITICALpoc

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

14 Nov 2000
10.0
CVSS
CVE-2000-0438HIGHpoc

Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.

22 May 2000
7.2
CVSS
CVE-2000-0336LOWpoc

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

21 Apr 2000
2.1
CVSS
CVE-2000-0172HIGHpoc

The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.

3 Mar 2000
7.2
CVSS
CVE-2000-0186HIGH

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

28 Feb 2000
7.2
CVSS
CVE-2000-0196HIGH

Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.

28 Feb 2000
7.5
CVSS
CVE-2000-0170HIGHpoc

Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.

26 Feb 2000
7.2
CVSS
CVE-2000-0052HIGHpoc

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

4 Jan 2000
7.2
CVSS
CVE-1999-0948HIGHpoc

Buffer overflow in uum program for Canna input system allows local users to gain root privileges.

2 Nov 1999
7.2
CVSS
CVE-1999-0949HIGHpoc

Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.

2 Nov 1999
7.2
CVSS
CVE-1999-1288MEDIUM

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.

19 Nov 1998
4.6
CVSS
← PrevPage 1 / 1Next →