| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet. |
| GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. |
| Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). |
| Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt. |
| The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value. |
| Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call. |
| Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. |
| Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive. |
| Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. |
| ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block. |
| Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory. |
| Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. |
| Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files. |
| The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing. |
| The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. |
| Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. |
| The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow. |
| privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. |
| Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. |
| Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations." |
