| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang. |
| GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. |
| Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory. |
| install.iss installation script for Internet Security Scanner (ISS) for Linux, version 5.3, allows local users to change the permissions of arbitrary files via a symlink attack on a temporary file. |
| nobo 1.2 allows remote attackers to cause a denial of service (crash) via a series of large UDP packets. |
| By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared. |
| Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation. |
| KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. |
| Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file. |
| rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter. |
| mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. |
| /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. |
| Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. |
| A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). |
| The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root. |
| Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error. |
| Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000. |
| Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. |
| TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. |
| Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. |