| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission. |
| Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable. |
| UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack. |
| Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument. |
| Buffer overflow in SCO scohelp program allows remote attackers to execute commands. |
| Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type. |
| Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
| Delete or create a file via rpc.statd, due to invalid information. |
| DNS cache poisoning via BIND, by predictable query IDs. |
| Command execution in Sun systems via buffer overflow in the at program. |
| pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. |
| Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. |
| Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file. |
| SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable. |
| Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access. |
| Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. |
| Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. |
| Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules. |
| SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user. |
