Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nongnu | samizdat | * |
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nongnu | cvs | 1.11.23 |
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nongnu | oath_toolkit | 1.12.5 |
| nongnu | oath_toolkit | 1.6.0 |
| nongnu | oath_toolkit | 1.2.1 |
| nongnu | oath_toolkit | 1.2.2 |
| nongnu | oath_toolkit | 1.12.1 |
| nongnu | oath_toolkit | 2.0.1 |
| nongnu | oath_toolkit | 1.0.1 |
| nongnu | oath_toolkit | 1.12.2 |
| nongnu | oath_toolkit | 1.6.1 |
| nongnu | oath_toolkit | 1.2.0 |
| nongnu | oath_toolkit | 1.10.0 |
| nongnu | oath_toolkit | 1.4.2 |
| nongnu | oath_toolkit | 1.10.1 |
| nongnu | oath_toolkit | 1.8.2 |
| nongnu | oath_toolkit | 1.6.4 |
| nongnu | oath_toolkit | 1.10.2 |
| nongnu | oath_toolkit | 1.8.1 |
| nongnu | oath_toolkit | 1.4.3 |
| nongnu | oath_toolkit | 1.10.5 |
| nongnu | oath_toolkit | 1.12.0 |
| nongnu | oath_toolkit | 1.4.1 |
| nongnu | oath_toolkit | 1.6.2 |
| nongnu | oath_toolkit | 1.6.3 |
| nongnu | oath_toolkit | 1.12.6 |
| nongnu | oath_toolkit | 1.12.3 |
| nongnu | oath_toolkit | 1.4.4 |
| nongnu | oath_toolkit | 2.2.0 |
| nongnu | oath_toolkit | 1.10.4 |
| nongnu | oath_toolkit | 1.4.5 |
| nongnu | oath_toolkit | 1.0.0 |
| nongnu | oath_toolkit | 1.4.0 |
| nongnu | oath_toolkit | 1.12.4 |
| nongnu | oath_toolkit | 1.10.3 |
| nongnu | oath_toolkit | 1.8.0 |
| nongnu | oath_toolkit | * |
| nongnu | oath_toolkit | 2.0.0 |
| nongnu | oath_toolkit | 2.0.2 |
| nongnu | oath_toolkit | 1.4.6 |
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nongnu | gksu | 2.0.2 |
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nongnu | zutils | 1.8 |
| nongnu | zutils | * |
| debian | debian_linux | 8.0 |
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 16.04 |
| nongnu | libntlm | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 20.04 |
| fedoraproject | fedora | 33 |
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nongnu | dmidecode | * |