Page 2 of 11 results (0.008 seconds)

CVSS: 3.3EPSS: 0%CPEs: 16EXPL: 0

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. contrib/pdfmark/pdfroff.sh en GNU troff (también conocido como groff) antes de v1.21 permite sobreescribir ficheros de su elección a los usuarios locales a través de un ataque de enlace simbólico sobre un fichero temporal pdf#####.tmp . • ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330 http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://openwall.com/lists/oss-security/2009/08/09/1 http://ope • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372 http://marc.info/?l=bugtraq&m=110358225615424&w=2 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038 https://exchange.xforce.ibmcloud.com/vulnerabilities/18660 •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313 http://secunia.com/advisories/18764 http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml http://www.securityfocus.com/bid/11287 http://www.trustix.org/errata/2004/0050 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system. Desbordamiento de buffer en el preprocesador de groff 1.16 y anteriores permite que un atacante obtenga privilegios de lpd en el sistema de impresión LPRng • http://online.securityfocus.com/advisories/3793 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php http://www.redhat.com/support/errata/RHSA-2002-004.html http://www.securityfocus.com/bid/3869 https://exchange.xforce.ibmcloud.com/vulnerabilities/7881 https://access.redhat.com/security/cve/CVE-2002-0003 https://bugzilla.redhat.com/show_bug.cgi?id=1616712 •

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 2

Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command. • https://www.exploit-db.com/exploits/21037 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000428 http://www.debian.org/security/2001/dsa-072 http://www.debian.org/security/2002/dsa-107 http://www.osvdb.org/1914 http://www.redhat.com/support/errata/RHSA-2002-004.html http://www.securityfocus.com/archive/1/199706 http://www.securityfocus.com/bid/3103 https://exchange.xforce.ibmcloud.com/vulnerabilities/6918 https://access.redhat.com/security/cve/CVE-2001-1 •