| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. |
| show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. |
| Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. |
| Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field. |
| DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file. |
| gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length. |
| When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib. |
| vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack. |
| inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
| privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. |
| Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. |
| useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack. |
| getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. |
| rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack. |
| PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. |
| digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation. |
| Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name. |
| The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. |
| gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. |
| gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection. |
