Slackware Slackware Linux — known CVE vulnerabilities
Every CVE whose affected-product data names Slackware Slackware Linux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (54)
CVE-2005-3625 — CVSS 10.0 (critical): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2000-0844 — CVSS 10.0 (critical): Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local…
CVE-2004-0891 — CVSS 10.0 (critical): Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash)…
CVE-2004-0226 — CVSS 10.0 (critical): Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary…
CVE-1999-1299 — CVSS 10.0 (critical): rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files…
CVE-1999-0192 — CVSS 10.0 (critical): Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.
CVE-2006-6235 — CVSS 10.0 (critical): A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute…
CVE-2013-7171 — CVSS 9.8 (critical): Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could…
CVE-2016-4448 — CVSS 9.8 (critical): Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown…
CVE-2013-4854 — CVSS 7.8 (high): The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco…
CVE-2018-9336 — CVSS 7.8 (high): openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory…
CVE-2004-0940 — CVSS 7.8 (high): Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to…
CVE-2013-7172 — CVSS 7.8 (high): Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc…
CVE-2018-7184 — CVSS 7.5 (high): ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a…
CVE-2003-0962 — CVSS 7.5 (high): Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and…
CVE-2003-0335 — CVSS 7.5 (high): rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant…
CVE-2003-0977 — CVSS 7.5 (high): CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via…
CVE-1999-0298 — CVSS 7.5 (high): ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a…
CVE-1999-0242 — CVSS 7.5 (high): Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords.
CVE-2002-0004 — CVSS 7.2 (high): Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes…
CVE-1999-0341 — CVSS 7.2 (high): Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.
CVE-1999-0421 — CVSS 7.2 (high): During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account…
CVE-1999-1095 — CVSS 7.2 (high): sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user…
CVE-1999-1186 — CVSS 7.2 (high): rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows…
CVE-1999-1422 — CVSS 7.2 (high): The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental…
CVE-1999-1434 — CVSS 7.2 (high): login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from…
CVE-1999-1489 — CVSS 7.2 (high): Buffer overflow in TestChip function in XFree86 SuperProbe in Slackware Linux 3.1 allows local users to gain root privileges via a long…
CVE-2000-0438 — CVSS 7.2 (high): Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint…
CVE-2000-0867 — CVSS 7.2 (high): Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root…
CVE-2001-1036 — CVSS 7.2 (high): GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database…
CVE-2004-0424 — CVSS 7.2 (high): Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a…
CVE-2003-0195 — CVSS 5.0 (medium): CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does…
CVE-2004-0232 — CVSS 5.0 (medium): Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute…
CVE-2000-0315 — CVSS 5.0 (medium): traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be…
CVE-2005-3624 — CVSS 5.0 (medium): The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others…
CVE-2000-0314 — CVSS 5.0 (medium): traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w)…
CVE-2005-3626 — CVSS 5.0 (medium): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-1999-1445 — CVSS 5.0 (medium): Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote…
CVE-1999-0856 — CVSS 5.0 (medium): login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is…
CVE-1999-0746 — CVSS 5.0 (medium): A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of…
CVE-1999-1187 — CVSS 4.6 (medium): Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new…
CVE-1999-0433 — CVSS 4.6 (medium): XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing…
CVE-2002-1814 — CVSS 4.6 (medium): Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
CVE-2007-1352 — CVSS 3.8 (low): Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary…
CVE-1999-1498 — CVSS 3.6 (low): Slackware Linux 3.4 pkgtool allows local attacker to read and write to arbitrary files via a symlink attack on the reply file.
CVE-2004-0233 — CVSS 2.1 (low): Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files…
CVE-2004-0881 — CVSS 2.1 (low): getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via…
CVE-2004-0231 — CVSS 2.1 (low): Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory…
CVE-2007-0823 — CVSS 1.9 (low): xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which…
CVE-2004-0880 — CVSS 1.2 (low): getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.