| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program. |
| pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrary files. |
| ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys. |
| Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges. |
| rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack. |
| getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. |
| LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges. |
| A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header. |
| Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check. |
| TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header. |
| Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character. |
| Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large. |
| Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges. |
| ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file. |
| tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory. |
| Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar. |
| Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges. |
| Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. |
| Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values. |
| CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability. |
