| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. |
| Local user gains root privileges via buffer overflow in rdist, via expstr() function. |
| Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. |
| Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. |
| Buffer overflow of rlogin program using TERM environmental variable. |
| MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. |
| File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). |
| Sendmail decode alias can be used to overwrite sensitive files. |
| Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. |
| Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. |
| NFS cache poisoning. |
| Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. |
| mmap function in BSD allows local attackers in the kmem group to modify memory through devices. |
| FreeBSD mmap function allows users to modify append-only or immutable files. |
| OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. |
| Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load. |
| Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. |
| Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. |
| When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities. |
| rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line. |
