Gnu: Security Vulnerabilities
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
CVSS Score
10.0
EPSS Score
0.195
Published
2004-08-09
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers a null dereference, which allows remote attackers to cause a denial of service (crash).
CVSS Score
5.0
EPSS Score
0.024
Published
2004-08-09
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
CVSS Score
7.2
EPSS Score
0.009
Published
2004-08-06
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
CVSS Score
4.6
EPSS Score
0.004
Published
2004-08-06
flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.
CVSS Score
2.1
EPSS Score
0.004
Published
2004-07-07
Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.
CVSS Score
5.0
EPSS Score
0.013
Published
2004-06-01
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.
CVSS Score
5.0
EPSS Score
0.019
Published
2004-03-03
The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.
CVSS Score
5.0
EPSS Score
0.035
Published
2004-03-03
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
CVSS Score
6.8
EPSS Score
0.02
Published
2004-02-17
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
CVSS Score
4.3
EPSS Score
0.013
Published
2004-02-17

