| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash). |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. |
| GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. |
| Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. |
| The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. |
| Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code. |
| The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code. |
| Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function. |
| Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. |
| The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960. |
| Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. |
| gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. |
| Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. |
| GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. |
| Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." |
| GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. |
| Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval. |
| Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow. |
| The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. |