The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.
CVSS Score
4.3
EPSS Score
0.003
Published
2007-03-15
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
CVSS Score
6.2
EPSS Score
0.001
Published
2002-08-12
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
CVSS Score
3.6
EPSS Score
0.001
Published
2002-01-31
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.
CVSS Score
4.6
EPSS Score
0.002
Published
2001-12-21
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
CVSS Score
7.5
EPSS Score
0.01
Published
2001-12-19
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
CVSS Score
7.5
EPSS Score
0.199
Published
2001-09-20
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
CVSS Score
7.5
EPSS Score
0.008
Published
2001-06-27
Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.
CVSS Score
7.2
EPSS Score
0.002
Published
2001-05-28
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
CVSS Score
2.1
EPSS Score
0.001
Published
2001-03-26
Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.
CVSS Score
10.0
EPSS Score
0.095
Published
2001-03-26