| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The WorkMan program can be used to overwrite any file to get root access. |
| ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack. |
| Buffer overflow in ffbconfig in Solaris 2.5.1. |
| Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. |
| Denial of service through Solaris 2.5.1 telnet by sending ^D characters. |
| Solaris SUNWadmap can be exploited to obtain root access. |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |
| Guessable magic cookies in X Windows allow remote attackers to execute commands, e.g. through xterm. |
| Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. |
| Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. |
| DNS cache poisoning via BIND, by predictable query IDs. |
| Teardrop IP denial of service. |
| Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. |
| Denial of service by sending forged ICMP unreachable packets. |
| The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character). |
| libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. |
| Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. |
| pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. |
| Local user gains root privileges via buffer overflow in rdist, via lookup() function. |
| Extra long export lists over 256 characters in some mount daemons allow NFS directories to be mounted by anyone. |