| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow. |
| Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system. |
| The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files. |
| gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. |
| Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. |
| The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. |
| Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. |
| The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack. |
| Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication. |
| Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords. |
| The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. |
| Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code. |
| Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server. |
| GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. |
| gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. |
| Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog. |
| The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. |
| Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. |
| Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. |
