The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
Max CVSS
4.9
EPSS Score
0.04%
Published
2003-12-15
Updated
2017-10-11
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-04-01
Updated
2017-08-17
GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.
Max CVSS
4.9
EPSS Score
0.04%
Published
2014-05-08
Updated
2014-05-09
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
Max CVSS
4.8
EPSS Score
0.25%
Published
2020-12-04
Updated
2021-03-19
**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-09-13
Updated
2024-02-19
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Max CVSS
4.7
EPSS Score
0.05%
Published
2005-05-02
Updated
2024-01-26
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
Max CVSS
4.7
EPSS Score
0.04%
Published
2017-09-20
Updated
2017-09-27
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Max CVSS
4.7
EPSS Score
0.04%
Published
2018-01-04
Updated
2018-01-19
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
Max CVSS
4.7
EPSS Score
0.04%
Published
2018-12-26
Updated
2021-11-30
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-04-20
Updated
2014-12-31
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-08-05
Updated
2008-09-09
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.
Max CVSS
4.6
EPSS Score
0.05%
Published
1996-09-13
Updated
2016-10-18
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
Max CVSS
4.6
EPSS Score
0.05%
Published
2000-04-18
Updated
2008-09-10
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.06%
Published
2000-10-20
Updated
2008-09-10
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
Max CVSS
4.6
EPSS Score
0.04%
Published
2000-10-20
Updated
2016-10-18
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-01-09
Updated
2018-05-03
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-05-03
Updated
2008-09-05
Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
Max CVSS
4.6
EPSS Score
0.05%
Published
2002-04-23
Updated
2017-07-11
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-08-06
Updated
2017-07-11
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
Max CVSS
4.6
EPSS Score
0.32%
Published
2005-01-21
Updated
2018-10-19
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-10-11
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
Max CVSS
4.6
EPSS Score
0.06%
Published
2005-05-13
Updated
2019-10-16
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
Max CVSS
4.6
EPSS Score
0.26%
Published
2005-05-02
Updated
2017-07-11
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.
Max CVSS
4.6
EPSS Score
0.14%
Published
2005-05-24
Updated
2018-10-19
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Max CVSS
4.6
EPSS Score
0.12%
Published
2006-02-15
Updated
2023-02-13
63 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!