htdig allows remote attackers to execute commands via filenames with shell metacharacters.

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

Denial of service in Debian IRC Epic/epic4 client via a long string.

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.

The Debian mailman package uses weak authentication, which allows attackers to gain privileges.

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.