| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. |
| Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. |
| Buffer overflow in INN inews program. |
| Buffer overflows in Red Hat net-tools package. |
| Red Hat pump DHCP client allows remote attackers to gain root access in some configurations. |
| Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory. |
| gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file. |
| ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file. |
| xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable. |
| The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing. |
| Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. |
| The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request. |
| traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. |
| Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. |
| ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program. |
| pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrary files. |
| ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys. |
| Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices. |
| Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges. |
| Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities. |
