Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
man-db vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2018-25078
man-db prior to 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)
Man-db Project Man-db
725
VMScore
CVE-2015-1336
The daily mandb cleanup job in Man-db prior to 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
Man-db Project Man-db
1 EDB exploit
465
VMScore
CVE-2003-0645
man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.
Andries Brouwer Man 2.3.20
Andries Brouwer Man 2.4.1
1 EDB exploit
107
VMScore
CVE-2001-1331
mandb in the man-db package prior to 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
Progeny Debian 1.0
Debian Debian Linux 2.2
465
VMScore
CVE-2003-0620
Multiple buffer overflows in man-db 2.4.1 and previous versions, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so ar...
Andries Brouwer Man 2.4
Andries Brouwer Man 2.4.1
Andries Brouwer Man 2.3.18
Andries Brouwer Man 2.3.19
Andries Brouwer Man 2.3.20
1 EDB exploit
725
VMScore
CVE-2001-0193
Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.
Debian Debian Linux 2.2
Suse Suse Linux 6.3
Suse Suse Linux 6.4
Suse Suse Linux 7.0
1 EDB exploit
1000
VMScore
CVE-1999-0730
The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.
Debian Debian Linux 4.0
1 EDB exploit
465
VMScore
CVE-2006-4250
Buffer overflow in man and mandb (man-db) 2.4.3 and previous versions allows local users to execute arbitrary code via crafted arguments to the -H flag.
Debian Debian Linux 3.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started