| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. |
| Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the DHCP options field. |
| gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify". |
| Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address). |
| The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. |
| Denial of service in Savant web server via a null character in the requested URL. |
| WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML. |
| CuteFTP uses weak encryption to store password information in its tree.dat file. |
| wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file. |
| DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. |
| Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing. |
| The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter. |
| surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions. |
| The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. |
| Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password. |
| UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack. |
| An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5. |
| Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database. |
| The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack. |
