| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Debian mailman package uses weak authentication, which allows attackers to gain privileges. |
| Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. |
| The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. |
| Linux ftpwatch program allows local users to gain root privileges. |
| Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument. |
| Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. |
| Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. |
| Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running. |
| Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. |
| Debian GNU/Linux cfengine package is susceptible to a symlink attack. |
| Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter. |
| Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations. |
| Buffer overflow of rlogin program using TERM environmental variable. |
| Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter. |
| Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. |
| znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. |
| When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. |
| Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. |
| The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. |
