| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password. |
| The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. |
| Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. |
| Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable. |
| Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences. |
| Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. |
| Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. |
| The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string. |
| Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. |
| Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code. |
| Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file. |
| The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. |
| The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. |
| The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. |
| fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string. |
| Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file. |
| The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file. |
| main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. |
| mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack. |
