cbcvebase.

Slackware Linux vulnerabilities

52 known vulnerabilities affecting slackware/slackware_linux.

Total CVEs
52
CISA KEV
0
Public exploits
17
Exploited in wild
2
Severity breakdown
CRITICAL10HIGH22MEDIUM12LOW8

Vulnerabilities

Page 2 of 3
CVE-2004-0891P3CRITICALCVSS 10.0v9.0v9.1+2 more2005-01-27
CVE-2004-0891 [CRITICAL] CVE-2004-0891: Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
nvd
CVE-2004-0233P4LOWCVSS 2.1PoCv9.12004-08-18
CVE-2004-0233 [LOW] CVE-2004-0233: Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows l Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
nvd
CVE-2002-1814P4MEDIUMCVSS 4.6PoCv8.02002-12-31
CVE-2002-1814 [MEDIUM] CVE-2002-1814: Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrar Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
nvd
CVE-1999-0433P4MEDIUMCVSS 4.6PoCv3.3v3.4+3 more1999-03-21
CVE-1999-0433 [MEDIUM] CVE-1999-0433: XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in re XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
nvd
CVE-2004-0226P4CRITICALCVSS 10.0v9.0v9.12004-08-18
CVE-2004-0226 [CRITICAL] CVE-2004-0226: Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a den Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
nvd
CVE-2018-9336P4HIGHCVSS 7.8v13.0v13.1+3 more2018-05-01
CVE-2018-9336 [HIGH] CWE-415 CVE-2018-9336: openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local at openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
nvd
CVE-1999-1498P4LOWCVSS 3.6PoCv3.41998-04-06
CVE-1999-1498 [LOW] CVE-1999-1498: Slackware Linux 3.4 pkgtool allows local attacker to read and write to arbitrary files via a symlink Slackware Linux 3.4 pkgtool allows local attacker to read and write to arbitrary files via a symlink attack on the reply file.
nvd
CVE-1999-1299P4CRITICALCVSS 10.0v3.11997-02-03
CVE-1999-1299 [CRITICAL] CVE-1999-1299: rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.
nvd
CVE-2005-3625P4CRITICALCVSS 10.0v9.0v9.1+3 more2005-12-31
CVE-2005-3625 [CRITICAL] CWE-399 CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
nvd
CVE-2003-0977P4HIGHCVSS 7.5v8.1v9.0+1 more2004-01-05
CVE-2003-0977 [HIGH] CVE-2003-0977: CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and file CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
nvd
CVE-1999-0298P4HIGHCVSS 7.5v2.1v2.2+1 more1997-02-05
CVE-1999-0298 [HIGH] CVE-1999-0298: ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remo ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack.
nvd
CVE-1999-0421P4HIGHCVSS 7.2v3.61999-03-17
CVE-1999-0421 [HIGH] CVE-1999-0421: During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root acce During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.
nvd
CVE-2004-0232P4MEDIUMCVSS 5.0v9.0v9.12004-08-18
CVE-2004-0232 [MEDIUM] CVE-2004-0232: Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers t Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
nvd
CVE-2003-0335P4HIGHCVSS 7.5v9.02003-05-22
CVE-2003-0335 [HIGH] CVE-2003-0335: rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remount rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec.
nvd
CVE-1999-1186P4HIGHCVSS 7.2v3.01996-01-02
CVE-1999-1186 [HIGH] CVE-1999-1186: rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Sl rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter.
nvd
CVE-1999-0341P4HIGHCVSS 7.2v2.1v2.2+1 more1998-01-01
CVE-1999-0341 [HIGH] CVE-1999-0341: Buffer overflow in the Linux mail program "deliver" allows local users to gain root access. Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.
nvd
CVE-1999-0340P4HIGHCVSS 7.2v3.41997-12-01
CVE-1999-0340 [HIGH] CVE-1999-0340: Buffer overflow in Linux Slackware crond program allows local users to gain root access. Buffer overflow in Linux Slackware crond program allows local users to gain root access.
nvd
CVE-2007-1352P4LOWCVSS 3.8v9.0v9.1+1 more2007-04-06
CVE-2007-1352 [LOW] CVE-2007-1352: Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote a Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
nvd
CVE-2005-3624P4MEDIUMCVSS 5.0v9.0v9.1+3 more2005-12-31
CVE-2005-3624 [MEDIUM] CWE-189 CVE-2005-3624: The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, t The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
nvd
CVE-2005-3626P4MEDIUMCVSS 5.0v9.0v9.1+3 more2005-12-31
CVE-2005-3626 [MEDIUM] CWE-399 CVE-2005-3626: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
nvd
Slackware Linux vulnerabilities | cvebase