All the vulnerabilites related to Turbolinux, Inc. - Turbolinux Workstation
jvndb-2005-000199
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Sylpheed Filename Buffer Overflow Vulnerability
Details
Sylpheed contains a buffer overflow vulnerability exploitable via attachements with MIME-encoded filename.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000199.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Sylpheed contains a buffer overflow vulnerability exploitable via attachements with MIME-encoded filename.",
  "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000199.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sylpheed:sylpheed",
      "@product": "Sylpheed",
      "@vendor": "Sylpheed",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux",
      "@product": "Turbolinux",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_desktop",
      "@product": "Turbolinux Desktop",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_home",
      "@product": "Turbolinux Home",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_workstation",
      "@product": "Turbolinux Workstation",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.1",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2005-000199",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0926",
      "@id": "CVE-2005-0926",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0926",
      "@id": "CVE-2005-0926",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/12934",
      "@id": "12934",
      "@source": "BID"
    }
  ],
  "title": "Sylpheed Filename Buffer Overflow Vulnerability"
}

jvndb-2003-000149
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
lv Arbitrary Command Execution Vulnerability
Details
lv contains a vulnerability of reading and running a .lv file in the current directry.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000149.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "lv contains a vulnerability of reading and running a .lv file in the current directry.",
  "link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000149.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:lv:lv",
      "@product": "lv",
      "@vendor": "NARITA Tomio ",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_workstation",
      "@product": "Turbolinux Workstation",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.2",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2003-000149",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0188",
      "@id": "CVE-2003-0188",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-0188",
      "@id": "CVE-2003-0188",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/7613",
      "@id": "7613",
      "@source": "BID"
    }
  ],
  "title": "lv Arbitrary Command Execution Vulnerability"
}

jvndb-2004-000323
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Ruby CGI Session Management Insecure File Permission Vulnerability
Details
Ruby uses CGI::Session's FileStore. FileStore creates a session file with improper permission and this could lead to session information leak.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000323.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Ruby uses CGI::Session\u0027s FileStore. FileStore creates a session file with improper permission and this could lead to session information leak.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000323.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:ruby-lang:ruby",
      "@product": "Ruby",
      "@vendor": "Ruby",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux",
      "@product": "Turbolinux",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_desktop",
      "@product": "Turbolinux Desktop",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_home",
      "@product": "Turbolinux Home",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_workstation",
      "@product": "Turbolinux Workstation",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.1",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000323",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0755",
      "@id": "CVE-2004-0755",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0755",
      "@id": "CVE-2004-0755",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/10946",
      "@id": "10946",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/16996",
      "@id": "16996",
      "@source": "XF"
    }
  ],
  "title": "Ruby CGI Session Management Insecure File Permission Vulnerability"
}

jvndb-2004-000473
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Ruby cgi.rb Denial of Service Vulnerability
Details
Ruby cgi.rb enters an infinite loop which leads it into Ddenial of Service (DoS) due to improper input validation.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000473.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Ruby cgi.rb enters an infinite loop which leads it into Ddenial of Service (DoS) due to improper input validation.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000473.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:ruby-lang:ruby",
      "@product": "Ruby",
      "@vendor": "Ruby",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux",
      "@product": "Turbolinux",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_desktop",
      "@product": "Turbolinux Desktop",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_home",
      "@product": "Turbolinux Home",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_workstation",
      "@product": "Turbolinux Workstation",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000473",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983",
      "@id": "CVE-2004-0983",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0983",
      "@id": "CVE-2004-0983",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/13123/",
      "@id": "SA13123",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/11618",
      "@id": "11618",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/17985",
      "@id": "17985",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1012120",
      "@id": "1012120",
      "@source": "SECTRACK"
    }
  ],
  "title": "Ruby cgi.rb Denial of Service Vulnerability"
}

jvndb-2005-000163
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Sylpheed Email Header Buffer Overflow Vulnerability with non-ASCII Characters
Details
Sylpheed does not validate input data properly, which could lead to buffer overflow when it receives a message with the header containing non-ASCII characters.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000163.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Sylpheed does not validate input data properly, which could lead to buffer overflow when it receives a message with the header containing non-ASCII characters.",
  "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000163.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sylpheed:sylpheed",
      "@product": "Sylpheed",
      "@vendor": "Sylpheed",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux",
      "@product": "Turbolinux",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_desktop",
      "@product": "Turbolinux Desktop",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_home",
      "@product": "Turbolinux Home",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_workstation",
      "@product": "Turbolinux Workstation",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.1",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2005-000163",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0667",
      "@id": "CVE-2005-0667",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0667",
      "@id": "CVE-2005-0667",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/14491/",
      "@id": "SA14491",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/12730",
      "@id": "12730",
      "@source": "BID"
    }
  ],
  "title": "Sylpheed Email Header Buffer Overflow Vulnerability with non-ASCII Characters"
}