| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. |
| slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs. |
| Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field. |
| Buffer overflows in Red Hat net-tools package. |
| Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type. |
| Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. |
| Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. |
| show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. |
| Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. |
| Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings. |
| Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. |
| inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services. |
| Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process. |
| URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&). |
| Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. |
| Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals. |
| htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path. |
| Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. |
| Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands. |
| The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. |
