| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root. |
| Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code. |
| ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. |
| Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code. |
| Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library. |
| bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, which allows remote attackers to execute arbitrary commands. |
| The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories. |
| The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. |
| k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow. |
| Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root. |
| MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. |
| run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp. |
| Buffer overflows in netstd 3.07-17 package allows remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to. |
| Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." |
| Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments. |
| dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack. |
| Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument. |
| Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands. |
| inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
