| Definition ID | Class | Title | Last Modified |
|---|
| oval:org.mitre.oval:def:9797 | V | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | 2013-04-29 |
| oval:org.mitre.oval:def:10700 | V | bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | 2013-04-29 |
| oval:org.mitre.oval:def:10902 | V | Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. | 2013-04-29 |