Filtered by vendor Gnu
Total: 1161 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-1487 | 1 Gnu | 1 Wget | 2025-04-03 | 5.0 MEDIUM | N/A | wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. |
| CVE-2004-0970 | 1 Gnu | 1 Gzip | 2025-04-03 | 2.1 LOW | N/A | The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allow local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. |
| CVE-2005-0100 | 1 Gnu | 2 Emacs, Xemacs | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. |
| CVE-2004-1382 | 1 Gnu | 1 Glibc | 2025-04-03 | 2.1 LOW | N/A | The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. |
| CVE-2001-0884 | 1 Gnu | 1 Mailman | 2025-04-03 | 5.1 MEDIUM | N/A | Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users. |
| CVE-2005-0990 | 1 Gnu | 1 Sharutils | 2025-04-03 | 2.1 LOW | N/A | unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file. |
| CVE-2005-0758 | 2 Canonical, Gnu | 2 Ubuntu Linux, Gzip | 2025-04-03 | 4.6 MEDIUM | N/A | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. |
| CVE-2004-1296 | 1 Gnu | 1 Groff | 2025-04-03 | 2.1 LOW | N/A | The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2000-0269 | 1 Gnu | 1 Emacs | 2025-04-03 | 2.1 LOW | N/A | Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess. |
| CVE-2006-2362 | 1 Gnu | 1 Binutils | 2025-04-03 | 7.5 HIGH | 7.3 HIGH | Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character. |
| CVE-2001-0290 | 1 Gnu | 1 Mailman | 2025-04-03 | 4.6 MEDIUM | N/A | Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords. |
| CVE-2003-0971 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 5.0 MEDIUM | N/A | GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. |
| CVE-2003-0367 | 2 Debian, Gnu | 2 Debian Linux, Gzip | 2025-04-03 | 2.1 LOW | N/A | znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2003-1232 | 1 Gnu | 1 Emacs | 2025-04-03 | 5.1 MEDIUM | N/A | Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. |
| CVE-1999-0041 | 5 Cray, Gnu, Ibm and 2 more | 6 Unicos, Unicos Max, Libc and 3 more | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in NLS (Natural Language Service). |
| CVE-2001-1228 | 1 Gnu | 1 Gzip | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. |
| CVE-2001-1036 | 2 Gnu, Slackware | 2 Findutils, Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A | GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. |
| CVE-2002-1344 | 2 Gnu, Sun | 2 Wget, Cobalt Raq Xtr | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences. |
| CVE-2005-3355 | 1 Gnu | 1 Gnump3d | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". |
| CVE-2001-1301 | 2 Gnu, Xemacs | 2 Emacs, Xemacs | 2025-04-03 | 1.2 LOW | N/A | rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. |
| CVE-2005-1229 | 1 Gnu | 1 Cpio | 2025-04-03 | 4.6 MEDIUM | N/A | Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. |
| CVE-2003-0795 | 3 Gnu, Quagga, Sgi | 3 Zebra, Quagga, Propack | 2025-04-03 | 5.0 MEDIUM | N/A | The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. |
| CVE-2004-2461 | 1 Gnu | 1 Gnubiff | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code. |
| CVE-2004-1453 | 1 Gnu | 1 Glibc | 2025-04-03 | 2.1 LOW | N/A | GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. |
| CVE-2002-0178 | 1 Gnu | 1 Sharutils | 2025-04-03 | 7.2 HIGH | N/A | uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. |
| CVE-2000-1137 | 1 Gnu | 1 Ed | 2025-04-03 | 4.6 MEDIUM | N/A | GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. |
| CVE-2005-2878 | 1 Gnu | 1 Mailutils | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. |
| CVE-2003-0965 | 1 Gnu | 1 Mailman | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. |
| CVE-2003-0255 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 10.0 HIGH | N/A | The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. |
| CVE-2004-0778 | 1 Gnu | 1 Cvs | 2025-04-03 | 5.0 MEDIUM | N/A | CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned. |
| CVE-2006-2191 | 1 Gnu | 1 Mailman | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable." |
| CVE-2004-2531 | 1 Gnu | 1 Gnutls | 2025-04-03 | 7.8 HIGH | N/A | X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. |
| CVE-2005-1522 | 1 Gnu | 1 Mailutils | 2025-04-03 | 5.0 MEDIUM | N/A | The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. |
| CVE-2006-4790 | 1 Gnu | 1 Gnutls | 2025-04-03 | 5.0 MEDIUM | N/A | verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. |
| CVE-2002-0435 | 1 Gnu | 1 Fileutils | 2025-04-03 | 1.2 LOW | N/A | Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system. |
| CVE-2001-1022 | 2 Gnu, Jgroff | 2 Groff, Jgroff | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command. |
| CVE-2003-0972 | 1 Gnu | 1 Screen | 2025-04-03 | 10.0 HIGH | N/A | Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow. |
| CVE-2003-0858 | 2 Gnu, Quagga | 2 Zebra, Quagga Routing Software Suite | 2025-04-03 | 2.1 LOW | N/A | Zebra 0.93b and earlier, and quagga before 0.95, allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. |
| CVE-2004-1170 | 3 Gnu, Sun, Suse | 3 A2ps, Java Desktop System, Suse Linux | 2025-04-03 | 10.0 HIGH | N/A | a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. |
| CVE-2003-0854 | 2 Gnu, Washington University | 2 Fileutils, Wu-ftpd | 2025-04-03 | 2.1 LOW | N/A | ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. |