linux vulnerabilities and exploits

9.3
CVSSv2
CVE-2008-0223

Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file....

9.3
CVSSv2
CVE-2007-5687

Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not...

4.6
CVSSv2
CVE-2001-1375

tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory....

7.2
CVSSv2
CVE-2004-1452

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts....

7.2
CVSSv2
CVE-2000-1125

restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program....

RedhatLinux
6.2
CVSSv2
CVE-2000-0031

The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack....

10
CVSSv2
CVE-2003-0248

The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address....

2.1
CVSSv2
CVE-2004-1107

dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files....

2.1
CVSSv2
CVE-2004-1108

qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory....

7.5
CVSSv2
CVE-2003-0354

Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job....