262 matches found
CVE-2018-16741
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function doactivate does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or characters within a file created by the "faxq-helper activate " command...
CVE-2018-16742
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter...
DEBIAN-CVE-2018-16741
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function doactivate does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or characters within a file created by the "faxq-helper activate " command...
UBUNTU-CVE-2018-16743
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow...
DEBIAN-CVE-2018-16743
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow...
DEBIAN-CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
UBUNTU-CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
UBUNTU-CVE-2018-16742
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter...
UBUNTU-CVE-2018-16745
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...
CVE-2018-16745
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...
CVE-2018-16742
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter...
CVE-2018-16745
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...
CVE-2018-16744
Summary: CVE-2018-16744 affects mgetty before 1.2.1. In fax_notify_mail() (faxrec.c), the mail_to parameter is not sanitized, and because popen is used, untrusted input could trigger a command injection. The issue is documented across multiple advisories (e.g., Red Hat open/unpatched statuses) an...
CVE-2018-16745
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...
CVE-2018-16745
CVE-2018-16745 concerns mgetty before 1.2.1. In fax_notify_mail()’s faxrec.c, the mail_to parameter is not sanitized, which could allow a buffer overflow if long untrusted input reaches it. This is the root cause and potential impact described in the public CVE entry. The connected documents conf...
CVE-2018-16743
CVE-2018-16743 affects mgetty prior to 1.2.1. In contrib/next-login/login.c, the username command-line parameter is passed unsanitized to strcpy(), causing a stack-based buffer overflow. This is a local vulnerability with potential partial confidentiality/integrity/availability impact. Mitigation...
CVE-2018-16742
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter...
CVE-2018-16742
CVE-2018-16742 affects mgetty prior to 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered by a command-line parameter, enabling potential memory corruption. Affected versions are older than 1.2.1; mitigation is to upgrade to 1.2.1 or later (as reflected in vendor advisories...
CVE-2018-16743
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow...
CVE-2018-16743
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow...