MidnightBSD

Advisories for nongnu

CVE-2009-0359 LOW

Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
nongnu samizdat *
CVE-2010-3846 MEDIUM

Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nongnu cvs 1.11.23
CVE-2013-7322 MEDIUM

usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
nongnu oath_toolkit 1.12.5
nongnu oath_toolkit 1.6.0
nongnu oath_toolkit 1.2.1
nongnu oath_toolkit 1.2.2
nongnu oath_toolkit 1.12.1
nongnu oath_toolkit 2.0.1
nongnu oath_toolkit 1.0.1
nongnu oath_toolkit 1.12.2
nongnu oath_toolkit 1.6.1
nongnu oath_toolkit 1.2.0
nongnu oath_toolkit 1.10.0
nongnu oath_toolkit 1.4.2
nongnu oath_toolkit 1.10.1
nongnu oath_toolkit 1.8.2
nongnu oath_toolkit 1.6.4
nongnu oath_toolkit 1.10.2
nongnu oath_toolkit 1.8.1
nongnu oath_toolkit 1.4.3
nongnu oath_toolkit 1.10.5
nongnu oath_toolkit 1.12.0
nongnu oath_toolkit 1.4.1
nongnu oath_toolkit 1.6.2
nongnu oath_toolkit 1.6.3
nongnu oath_toolkit 1.12.6
nongnu oath_toolkit 1.12.3
nongnu oath_toolkit 1.4.4
nongnu oath_toolkit 2.2.0
nongnu oath_toolkit 1.10.4
nongnu oath_toolkit 1.4.5
nongnu oath_toolkit 1.0.0
nongnu oath_toolkit 1.4.0
nongnu oath_toolkit 1.12.4
nongnu oath_toolkit 1.10.3
nongnu oath_toolkit 1.8.0
nongnu oath_toolkit *
nongnu oath_toolkit 2.0.0
nongnu oath_toolkit 2.0.2
nongnu oath_toolkit 1.4.6
CVE-2014-2886 MEDIUM

GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nongnu gksu 2.0.2
CVE-2018-1000637 MEDIUM

zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nongnu zutils 1.8
nongnu zutils *
debian debian_linux 8.0
CVE-2019-17455 HIGH

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
opensuse leap 15.1
opensuse backports_sle 15.0
fedoraproject fedora 32
canonical ubuntu_linux 16.04
nongnu libntlm *
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
fedoraproject fedora 33
CVE-2023-30630

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).

Products Affected

Vendor Product Version
nongnu dmidecode *