| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands. |
| lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message. |
| Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. |
| BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. |
| The netstat service is running, which provides sensitive information to remote attackers. |
| The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file. |
| The OS/2 or POSIX subsystem in NT is enabled. |
| An application-critical Windows NT registry key has inappropriate permissions. |
| The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
| CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password. |
| The SSH authentication agent follows symlinks via a UNIX domain socket. |
| The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack. |
| Arkiea nlservd allows remote attackers to conduct a denial of service. |
| Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability. |
| Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows remote attackers to inject arbitrary web script or HTML via the valid_username_online cookie. |
| Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name. |
| Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root. |
| Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command. |
| userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
| Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. |