Tarantella Enterprise vulnerabilities

8 known vulnerabilities affecting tarantella/tarantella_enterprise.

Total CVEs: 8
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 6, LOW 1

Vulnerabilities

CVE-2001-0805 | P4 | MEDIUM | CVSS 5.0 | PoC | v3.0, v3.01 | 2001-12-06
Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.
Source: NVD
CVE-2002-0211 | P4 | MEDIUM | CVSS 6.2 | PoC | v3.3.0, v3.3.0.1, +3 more | 2002-05-16
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
Source: NVD
CVE-2004-0079 | P4 | HIGH | CVSS 7.5 | CWE-476 | v3.20, v3.30, +1 more | 2004-11-23
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
Source: NVD
CVE-2002-0296 | P4 | LOW | CVSS 1.2 | PoC | v3.0, v3.01, +3 more | 2002-05-31
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
Source: NVD
CVE-2004-0112 | P4 | MEDIUM | CVSS 5.0 | CWE-125 | v3.20, v3.30, +1 more | 2004-11-23
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Source: NVD
CVE-2004-0081 | P4 | MEDIUM | CVSS 5.0 | v3.20, v3.30, +1 more | 2004-11-23
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
Source: NVD
CVE-2002-0203 | P4 | MEDIUM | CVSS 5.0 | v3.0, v3.10, +1 more | 2002-05-16
ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.
Source: NVD
CVE-2005-0486 | P4 | MEDIUM | CVSS 5.0 | v3.30, v3.40 | 2005-03-30
Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme.
Source: NVD