Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt.
CVSS Score
7.2
EPSS Score
0.002
Published
2002-08-12
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
CVSS Score
6.2
EPSS Score
0.001
Published
2002-08-12
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
CVSS Score
2.1
EPSS Score
0.008
Published
2002-03-15
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
CVSS Score
7.5
EPSS Score
0.002
Published
2002-03-08
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
CVSS Score
7.5
EPSS Score
0.056
Published
2002-03-08
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
CVSS Score
2.6
EPSS Score
0.014
Published
2002-03-08
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
CVSS Score
7.2
EPSS Score
0.003
Published
2002-02-27
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
CVSS Score
3.6
EPSS Score
0.001
Published
2002-01-31
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.
CVSS Score
4.6
EPSS Score
0.002
Published
2001-12-21
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
CVSS Score
7.5
EPSS Score
0.01
Published
2001-12-19