Vulnerabilities (CVE)

Filtered by vendor Nongnu Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-30630 1 Nongnu 1 Dmidecode 2024-11-21 N/A 7.1 HIGH
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.
CVE-2019-17455 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
CVE-2018-1000637 2 Debian, Nongnu 2 Debian Linux, Zutils 2024-11-21 6.8 MEDIUM 7.8 HIGH
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.
CVE-2014-2886 1 Nongnu 1 Gksu 2024-11-21 6.8 MEDIUM N/A
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack.
CVE-2013-7322 1 Nongnu 1 Oath Toolkit 2024-11-21 4.9 MEDIUM N/A
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.
CVE-2010-3846 1 Nongnu 1 Cvs 2024-11-21 6.9 MEDIUM N/A
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.
CVE-2009-0359 1 Nongnu 1 Samizdat 2024-11-21 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.
CVE-2007-3209 1 Nongnu 1 Mail Notification 2024-11-21 7.8 HIGH N/A
Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.