| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. |
| Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code. |
| Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. |
| Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name. |
| Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog. |
| main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. |
| Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences. |
| Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code. |
| Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. |
| The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. |
| Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. |
| mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. |
| ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. |
| Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers. |
| telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554. |
| Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. |
| Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory. |
| Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990. |
| Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory. |
