| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table. |
| Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list. |
| Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code. |
| X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. |
| zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. |
| unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file. |
| Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. |
| Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. |
| Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. |
| gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. |
| Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter. |
| Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. |
| cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. |
| The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. |
| The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960. |
| GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. |
| Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. |
