Download
| Alert*
CVE-2003-0098
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server. CVE-2003-0367 znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. CVE-1999-0769 Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. CVE-1999-0831 Denial of service in Linux syslogd via a large number of connections. CVE-1999-0872 Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. CVE-2001-0069 dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack. CVE-2001-0125 exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. CVE-2000-0513 CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password. CVE-2000-0512 CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. CVE-2000-0511 CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request. CVE-2000-0510 CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request. CVE-2000-0112 The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. CVE-2001-0128 Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. CVE-2000-1135 fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack. CVE-2000-0508 rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request. CVE-2000-0607 Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings. CVE-2000-0606 Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter. CVE-2001-0111 Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument. CVE-2001-0112 Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands. CVE-2001-0233 Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field. CVE-2000-0229 gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. CVE-2000-0844 Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. CVE-2001-0235 Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running. CVE-2000-0666 rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. CVE-2000-0289 IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. CVE-2001-0138 privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. CVE-2001-0139 inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. CVE-2001-0193 Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter. CVE-2001-0441 Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. CVE-2001-1331 mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. CVE-2001-0430 Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. CVE-2001-0279 Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. CVE-2001-1561 Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments. CVE-2001-0834 htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uplo ... CVE-2001-0977 slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. CVE-2001-0738 LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages. CVE-2001-0456 postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended. CVE-2001-0457 man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion). CVE-2001-0458 Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands. CVE-2002-0044 GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. CVE-2002-1232 Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist. CVE-2018-19200 An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. CVE-2001-0136 Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. CVE-2001-0195 sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking. |