| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes. |
| userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844). |
| The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing. |
| ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file. |
| Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt). |
| Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. |
| Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments. |
| The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. |
| Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. |
| CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet. |
| Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. |
| stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter. |
| Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. |
| GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. |
| Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server. |
| Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. |
| Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact. |
| Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands. |
| Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. |
| scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files. |
