CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
Linux version 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, allowing local users to cause a denial of service by sending SIGIO to processes that do not catch it.
The NIS finger vulnerability allows an attacker to conduct a denial of service by sending a large number of finger requests, resulting in a large number of NIS queries.
Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.
A vulnerability in AIX 4.3 allows local users to create or modify files via a symlink attack in the acledit and aclput tools.
A vulnerability in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used.
The pkgtool package in Slackware Linux 3.4 allows a local attacker to read and write to arbitrary files via a symlink attack on the reply file.
The vulnerability in ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
The ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.
The vulnerability in the sadc program on IBM AIX 4.1 through 4.3 allows local users to overwrite arbitrary files via a symlink attack when called from programs like timex that have the setgid bit set to adm.
Quake 2 server version 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, allowing local users to read arbitrary files via a symlink from config.cfg to the target file.
KDE beta 3 screen savers allow local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.
DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver.
Gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files.
The SGI syserr program allows local users to corrupt files.
The open() function in FreeBSD allows local attackers to write to arbitrary files.
IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, leading to a core dump that may contain sensitive password information.
The asynchronous I/O facility in the 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, allowing local users to cause a denial of service.
Internet Explorer 3 records a history of all URLs visited by a user in DAT files located in the Temporary Internet Files and History folders. These files are not cleared when the 'Clear History' option is selected and are not visible when browsing the folders due to tailored displays.

