|Max CVSS||5.1||Min CVSS||1.2||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and poss
|11-08-2020 - 17:09||28-05-2006 - 23:02|
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses
|19-10-2018 - 15:41||31-12-2005 - 05:00|
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
|17-10-2018 - 21:38||07-09-2006 - 00:04|
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
|03-10-2018 - 21:34||15-12-2005 - 18:11|
The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.
|03-10-2018 - 21:31||12-10-2005 - 22:02|
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_m
|11-10-2017 - 01:31||04-03-2007 - 22:19|
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
|11-10-2017 - 01:31||27-03-2007 - 23:19|
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_blo
|11-10-2017 - 01:31||31-08-2006 - 22:04|
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.
|11-10-2017 - 01:31||25-07-2006 - 19:17|
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
|11-10-2017 - 01:30||04-04-2006 - 10:04|
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
|11-10-2017 - 01:30||05-08-2005 - 04:00|
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate
|11-10-2017 - 01:30||23-08-2005 - 04:00|