Nongnu : Security Vulnerabilities, CVEs, CVSS score >= 4
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.
Max CVSS
7.1
EPSS Score
0.04%
Published
2023-04-13
Updated
2023-09-28
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
Max CVSS
9.8
EPSS Score
0.63%
Published
2019-10-10
Updated
2021-11-30
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.
Max CVSS
7.8
EPSS Score
0.21%
Published
2018-08-20
Updated
2018-11-02
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack.
Max CVSS
6.8
EPSS Score
0.67%
Published
2014-09-18
Updated
2018-12-31
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.
Max CVSS
4.9
EPSS Score
0.15%
Published
2014-03-09
Updated
2017-08-29
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.
Max CVSS
6.9
EPSS Score
0.04%
Published
2010-11-05
Updated
2023-02-13
Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.
Max CVSS
7.8
EPSS Score
0.98%
Published
2007-06-14
Updated
2017-07-29
7 vulnerabilities found