| Max CVSS | 7.2 | Min CVSS | 4.6 | Total Count | 5 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-16745 | 4.6 |
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.
|
13-09-2018 - 12:29 | 13-09-2018 - 12:29 | |
| CVE-2018-16744 | 4.6 |
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.
|
13-09-2018 - 12:29 | 13-09-2018 - 12:29 | |
| CVE-2018-16743 | 4.6 |
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.
|
13-09-2018 - 12:29 | 13-09-2018 - 12:29 | |
| CVE-2018-16742 | 4.6 |
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.
|
13-09-2018 - 12:29 | 13-09-2018 - 12:29 | |
| CVE-2018-16741 | 7.2 |
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by
|
13-09-2018 - 12:29 | 13-09-2018 - 12:29 |