Filtered by vendor Nongnu
Subscribe
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-30630 | 1 Nongnu | 1 Dmidecode | 2024-11-21 | N/A | 7.1 HIGH |
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. | |||||
CVE-2019-17455 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. | |||||
CVE-2018-1000637 | 2 Debian, Nongnu | 2 Debian Linux, Zutils | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2. | |||||
CVE-2014-2886 | 1 Nongnu | 1 Gksu | 2024-11-21 | 6.8 MEDIUM | N/A |
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack. | |||||
CVE-2013-7322 | 1 Nongnu | 1 Oath Toolkit | 2024-11-21 | 4.9 MEDIUM | N/A |
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath. | |||||
CVE-2010-3846 | 1 Nongnu | 1 Cvs | 2024-11-21 | 6.9 MEDIUM | N/A |
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. | |||||
CVE-2009-0359 | 1 Nongnu | 1 Samizdat | 2024-11-21 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name. | |||||
CVE-2007-3209 | 1 Nongnu | 1 Mail Notification | 2024-11-21 | 7.8 HIGH | N/A |
Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network. |