| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. |
| kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges. |
| slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. |
| Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. |
| Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. |
| ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp. |
| MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. |
| Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. |
| libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs. |
| Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. |
| Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. |
| Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. |
| The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference. |
| xsoldier program allows local users to gain root access via a long argument. |
| Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
| Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack. |
| Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. |
| Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. |
| Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. |
| rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request. |
