| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. |
| gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection. |
| Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits. |
| Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. |
| Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. |
| Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). |
| GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions. |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
| Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. |
| Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). |
| Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. |
| Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. |
| The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges. |
| Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". |
| GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. |
| Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval. |
| The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960. |
| Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. |
