Every CVE whose affected-product data names Caldera Openlinux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-1999-0879 — CVSS 10.0 (critical): Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
CVE-2000-0917 — CVSS 10.0 (critical): Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
CVE-2001-0850 — CVSS 10.0 (critical): A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could…
CVE-2000-0844 — CVSS 10.0 (critical): Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local…
CVE-2000-0491 — CVSS 10.0 (critical): Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a…
CVE-2000-0370 — CVSS 10.0 (critical): The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail…
CVE-2000-0374 — CVSS 10.0 (critical): The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host…
CVE-1999-0043 — CVSS 9.8 (critical): Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
CVE-1999-0017 — CVSS 7.5 (high): FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
CVE-1999-0434 — CVSS 7.5 (high): XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing…
CVE-1999-0439 — CVSS 7.5 (high): Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc…
CVE-2000-1134 — CVSS 7.2 (high): Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing <<…
CVE-2000-0530 — CVSS 7.2 (high): The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
CVE-2000-0566 — CVSS 7.2 (high): makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
CVE-2000-0438 — CVSS 7.2 (high): Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint…
CVE-1999-0769 — CVSS 7.2 (high): Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
CVE-1999-0872 — CVSS 7.2 (high): Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.
CVE-2000-0218 — CVSS 7.2 (high): Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.
CVE-2000-0372 — CVSS 7.2 (high): Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.
CVE-2002-1199 — CVSS 5.0 (medium): The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a…
CVE-2000-0192 — CVSS 5.0 (medium): The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what…
CVE-2000-0369 — CVSS 5.0 (medium): The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of…
CVE-2001-0851 — CVSS 5.0 (medium): Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
CVE-1999-1288 — CVSS 4.6 (medium): Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid…
CVE-2000-0892 — CVSS 2.6 (low): Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or…
CVE-1999-0712 — CVSS 2.1 (low): A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable.
CVE-2000-0531 — CVSS 2.1 (low): Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.