| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. |
| Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. |
| Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. |
| Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable. |
| gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. |
| mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. |
| Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. |
| Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system. |
| Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. |
| Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. |
| Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt. |
| ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file. |
| Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite. |
| Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding. |
| Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. |
| Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions. |
| Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist. |
| Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands. |
| RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command. |
| cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. |
