Vulnerabilities > Nongnu

DATE CVE VULNERABILITY TITLE RISK
2023-04-13 CVE-2023-30630 Unspecified vulnerability in Nongnu Dmidecode
Dmidecode before 3.5 allows -dump-bin to overwrite a local file.
local | low complexity | nongnu
Risk: 7.1

2019-10-10 CVE-2019-17455 Out-of-bounds Read vulnerability in multiple products
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
network | low complexity | nongnu debian canonical fedoraproject opensuse | CWE-125
Risk: critical 9.8

2018-08-20 CVE-2018-1000637 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution.
Risk: 6.8

2014-09-18 CVE-2014-2886 Permissions, Privileges, and Access Controls vulnerability in Nongnu Gksu 2.0.2
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack.
network | nongnu | CWE-264
Risk: 6.8

2014-03-09 CVE-2013-7322 Improper Authentication vulnerability in Nongnu Oath Toolkit
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.
network | nongnu | CWE-287
Risk: 4.9

2007-06-14 CVE-2007-3209 Information Disclosure vulnerability in Nongnu Mail Notification 4.0
Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.
network | low complexity | nongnu
Risk: 7.8