CVSS: 6.8EPSS: 26%CPEs: 12EXPL: 1CVE-2006-3636 – Mailman 2.1.x - Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-3636
06 Sep 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mailman anterior a 2.1.9rc1 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de vectores no especificados. • https://www.exploit-db.com/exploits/28570 •
CVSS: 7.5EPSS: 56%CPEs: 12EXPL: 0CVE-2006-2941
https://notcve.org/view.php?id=CVE-2006-2941
06 Sep 2006 — Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". Mailman anterior a 2.1.9rc1 permite a un atacante remoto provocar denegación de servicio a través de vectores no especificados que envuelven "cabeceras formadas de estándar-rotos RFC 2231". • http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4146 – GDB buffer overflow
https://notcve.org/view.php?id=CVE-2006-4146
31 Aug 2006 — Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. Desbordamiento de búfer en el código de depuración (1) DWARF (dwarfread.c) y (2) DWARF2 (dwarf2read.c) en GNU Debugger (GDB) 6.5 permite a atacantes con la intervención del usuario, o a usuarios restringidos, ejecu... • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 3CVE-2006-2362 – GNU BinUtils 2.1x - Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-2362
15 May 2006 — Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character. • https://www.exploit-db.com/exploits/27856 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1902
https://notcve.org/view.php?id=CVE-2006-1902
20 Apr 2006 — fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356896 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1712
https://notcve.org/view.php?id=CVE-2006-1712
11 Apr 2006 — Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. • http://bugs.gentoo.org/show_bug.cgi?id=129136 •
CVSS: 7.5EPSS: 12%CPEs: 27EXPL: 0CVE-2006-0052
https://notcve.org/view.php?id=CVE-2006-0052
31 Mar 2006 — The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2006-0049
https://notcve.org/view.php?id=CVE-2006-0049
13 Mar 2006 — gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U •
CVSS: 9.8EPSS: 26%CPEs: 5EXPL: 0CVE-2006-0300
https://notcve.org/view.php?id=CVE-2006-0300
24 Feb 2006 — Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. • http://docs.info.apple.com/article.html?artnum=305214 •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 2CVE-2006-0455 – GnuPG 1.x - Detached Signature Verification Bypass
https://notcve.org/view.php?id=CVE-2006-0455
15 Feb 2006 — gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify". gpgv en GnuPG en versiones anteriores a 1.4.2.1, cuando se utiliza verificación de firma desatendida, devuelve un código de salida 0 en algunos casos, incluso... • https://www.exploit-db.com/exploits/27231 •