UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-01-24
Updated
2021-09-14
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
Max CVSS
5.0
EPSS Score
0.69%
Published
2007-11-26
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
Max CVSS
4.3
EPSS Score
0.41%
Published
2005-11-01
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
Max CVSS
4.3
EPSS Score
0.37%
Published
2005-11-01
Updated
2011-03-08
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
Max CVSS
6.4
EPSS Score
0.42%
Published
2005-11-18
Updated
2011-10-18
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
Max CVSS
1.9
EPSS Score
0.04%
Published
2005-11-18
Updated
2011-10-18
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.
Max CVSS
5.0
EPSS Score
0.75%
Published
2005-10-30
Updated
2011-03-08
7 vulnerabilities found