Vulnerabilities > Nongnu
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-13 | CVE-2023-30630 | Unspecified vulnerability in Nongnu Dmidecode Dmidecode before 3.5 allows -dump-bin to overwrite a local file. | 7.1 |
| 2019-10-10 | CVE-2019-17455 | Out-of-bounds Read vulnerability in multiple products Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. | 9.8 |
| 2018-08-20 | CVE-2018-1000637 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. | 6.8 |
| 2014-09-18 | CVE-2014-2886 | Permissions, Privileges, and Access Controls vulnerability in Nongnu Gksu 2.0.2 GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack. | 6.8 |
| 2014-03-09 | CVE-2013-7322 | Improper Authentication vulnerability in Nongnu Oath Toolkit usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath. | 4.9 |
| 2007-06-14 | CVE-2007-3209 | Information Disclosure vulnerability in Nongnu Mail Notification 4.0 Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network. | 7.8 |