| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
| nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. |
| Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. |
| Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root. |
| gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. |
| IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. |
| traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. |
| A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. |
| Trn allows local users to overwrite other users' files via symlinks. |
| CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. |
| CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password. |
| Denial of service in Linux syslogd via a large number of connections. |
| Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. |
| Denial of service in Debian IRC Epic/epic4 client via a long string. |
| htdig allows remote attackers to execute commands via filenames with shell metacharacters. |
| Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument. |
| Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands. |
| Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. |
| in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow. |
| Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. |
