VYPR

Vendor CVEs

GNU

All CVEs

1,137 total · sorted by risk
  • CVE-2004-2014Dec 31, 2004
    risk 0.03cvss epss 0.01

    Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.

  • CVE-2004-0353Nov 23, 2004
    risk 0.03cvss epss 0.05

    Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.

  • CVE-2004-0548Aug 6, 2004
    risk 0.03cvss epss 0.01

    Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.

  • CVE-2003-1232Dec 31, 2003
    risk 0.03cvss epss 0.03

    Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.

  • CVE-2003-0854Nov 17, 2003
    risk 0.03cvss epss 0.01

    ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

  • CVE-2003-0038Feb 7, 2003
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

  • CVE-2002-0855Sep 5, 2002
    risk 0.03cvss epss 0.06

    Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.

  • CVE-2002-1602Apr 23, 2002
    risk 0.03cvss epss 0.01

    Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.

  • CVE-2001-1036Aug 31, 2001
    risk 0.03cvss epss 0.01

    GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

  • CVE-2000-0824Nov 14, 2000
    risk 0.03cvss epss 0.01

    The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as…

  • CVE-1999-0767Sep 8, 1999
    risk 0.03cvss epss 0.01

    Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.

  • CVE-1999-0491Apr 20, 1999
    risk 0.03cvss epss 0.01

    The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

  • CVE-2021-38185Aug 7, 2021
    risk 0.02cvss epss 0.04

    GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with…

  • CVE-2015-6251Aug 24, 2015
    risk 0.02cvss epss 0.19

    Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

  • CVE-2014-0092Mar 7, 2014
    risk 0.02cvss epss 0.30

    lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

  • CVE-2021-26937Feb 9, 2021
    risk 0.01cvss epss 0.09

    encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

  • CVE-2020-12108May 6, 2020
    risk 0.01cvss epss 0.03

    /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

  • CVE-2015-8437Dec 10, 2015
    risk 0.01cvss epss 0.07

    Use-after-free vulnerability in the Selection object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK &…

  • CVE-2015-8435Dec 10, 2015
    risk 0.01cvss epss 0.07

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows…

  • CVE-2015-8432Dec 10, 2015
    risk 0.01cvss epss 0.07

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows…

  • CVE-2015-8407Dec 10, 2015
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows…

  • CVE-2015-7643Oct 15, 2015
    risk 0.01cvss epss 0.07

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to…

  • CVE-2015-7633Oct 15, 2015
    risk 0.01cvss epss 0.08

    Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a…

  • CVE-2015-7630Oct 15, 2015
    risk 0.01cvss epss 0.07

    Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a…

  • CVE-2015-3086May 13, 2015
    risk 0.01cvss epss 0.07

    Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary…

  • CVE-2015-3084May 13, 2015
    risk 0.01cvss epss 0.07

    Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary…

  • CVE-2015-2775Apr 13, 2015
    risk 0.01cvss epss 0.08

    Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

  • CVE-2015-2806Apr 10, 2015
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2014-9402Feb 24, 2015
    risk 0.01cvss epss 0.08

    The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name…

  • CVE-2015-0330Feb 6, 2015
    risk 0.01cvss epss 0.08

    Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…

  • CVE-2015-0327Feb 6, 2015
    risk 0.01cvss epss 0.09

    Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0323.

  • CVE-2015-0326Feb 6, 2015
    risk 0.01cvss epss 0.06

    Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different…

  • CVE-2014-9471Jan 16, 2015
    risk 0.01cvss epss 0.07

    The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

  • CVE-2014-8485Dec 9, 2014
    risk 0.01cvss epss 0.07

    The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

  • CVE-2014-6040Dec 5, 2014
    risk 0.01cvss epss 0.07

    GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364…

  • CVE-2014-9112Dec 2, 2014
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.

  • CVE-2014-0559Sep 10, 2014
    risk 0.01cvss epss 0.13

    Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and…

  • CVE-2014-3465Jun 10, 2014
    risk 0.01cvss epss 0.07

    The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when…

  • CVE-2014-3467Jun 5, 2014
    risk 0.01cvss epss 0.07

    Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

  • CVE-2014-3466Jun 3, 2014
    risk 0.01cvss epss 0.11

    Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a…

  • CVE-2014-0506Mar 27, 2014
    risk 0.01cvss epss 0.08

    Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before…

  • CVE-2013-1619Feb 8, 2013
    risk 0.01cvss epss 0.06

    The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct…

  • CVE-2008-3863Oct 23, 2008
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related…

  • CVE-2008-1948May 21, 2008
    risk 0.01cvss epss 0.12

    The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a…

  • CVE-2003-0255May 27, 2003
    risk 0.01cvss epss 0.07

    The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

  • CVE-2003-0028Mar 25, 2003
    risk 0.01cvss epss 0.15

    Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in…

  • CVE-2002-0029Nov 29, 2002
    risk 0.01cvss epss 0.10

    Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2)…

  • CVE-2002-0651Jul 3, 2002
    risk 0.01cvss epss 0.13

    Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.

  • CVE-2001-1376Mar 4, 2002
    risk 0.01cvss epss 0.09

    Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.

  • CVE-2026-41992Jun 30, 2026
    risk 0.00cvss epss 0.00

    GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and…

Page 10 of 23