Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.
5.5CVSS
5.4AI Score
0.0004EPSS
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
7.8CVSS
7.5AI Score
0.001EPSS
archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.
8.1CVSS
7.9AI Score
0.005EPSS
9.8CVSS
9.6AI Score
0.002EPSS
viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.
7.5CVSS
7.4AI Score
0.003EPSS
9.8CVSS
9.4AI Score
0.004EPSS
9.8CVSS
9.4AI Score
0.002EPSS
3.3CVSS
4.2AI Score
0.0004EPSS
7.5CVSS
7.3AI Score
0.003EPSS
6.1CVSS
6AI Score
0.002EPSS
6.1CVSS
5.9AI Score
0.003EPSS
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable b...
7.5CVSS
7.4AI Score
0.007EPSS
6.1CVSS
6.3AI Score
0.003EPSS
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
6.5CVSS
6.4AI Score
0.005EPSS
If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.
4.8CVSS
5AI Score
0.0004EPSS
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.
9.8CVSS
9.7AI Score
0.007EPSS
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.
6.5CVSS
6.3AI Score
0.025EPSS
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.
5.5CVSS
5.4AI Score
0.001EPSS
6.1CVSS
7AI Score
0.005EPSS
An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
8.8CVSS
8.7AI Score
0.007EPSS
offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.
5.9CVSS
5.7AI Score
0.002EPSS
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.
9.8CVSS
9.4AI Score
0.007EPSS
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
6.5CVSS
6.9AI Score
0.01EPSS
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
7.8CVSS
7.8AI Score
0.001EPSS
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
7.5CVSS
7.4AI Score
0.008EPSS
7.8CVSS
7.3AI Score
0.0004EPSS
In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
8.8CVSS
8.6AI Score
0.003EPSS
5.5CVSS
5.6AI Score
0.0005EPSS
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.
7.5CVSS
7.4AI Score
0.003EPSS
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.
7.5CVSS
7.4AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.
9.8CVSS
9.4AI Score
0.002EPSS
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
9.8CVSS
9.7AI Score
0.005EPSS
v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.
7.8CVSS
7.5AI Score
0.0004EPSS
In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.
4.7CVSS
4.8AI Score
0.001EPSS
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
7.8CVSS
7.8AI Score
0.0004EPSS
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent with...
5.5CVSS
5.2AI Score
0.0004EPSS
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message b...
5.5CVSS
5.3AI Score
0.0004EPSS
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message be...
5.5CVSS
5.3AI Score
0.0004EPSS
Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.
7.8CVSS
7.5AI Score
0.001EPSS
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
9.8CVSS
9.5AI Score
0.05EPSS
4.3CVSS
4.5AI Score
0.006EPSS
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
9.8CVSS
9.9AI Score
0.012EPSS
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
7.8CVSS
7.4AI Score
0.0004EPSS
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.
5.3CVSS
5.3AI Score
0.013EPSS
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
5.3CVSS
5.4AI Score
0.0004EPSS
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
9.8CVSS
9.3AI Score
0.887EPSS
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access...
7.5CVSS
7.5AI Score
0.004EPSS
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
9.8CVSS
9.6AI Score
0.012EPSS
The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.
6.7CVSS
6.5AI Score
0.0004EPSS