Vendor CVEs
GNU
All CVEs
1,137 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-2014 | 0.03 | — | 0.01 | Dec 31, 2004 | Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. | |||
| CVE-2004-0353 | 0.03 | — | 0.05 | Nov 23, 2004 | Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string. | |||
| CVE-2004-0548 | 0.03 | — | 0.01 | Aug 6, 2004 | Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option. | |||
| CVE-2003-1232 | 0.03 | — | 0.03 | Dec 31, 2003 | Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. | |||
| CVE-2003-0854 | 0.03 | — | 0.01 | Nov 17, 2003 | ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. | |||
| CVE-2003-0038 | 0.03 | — | 0.05 | Feb 7, 2003 | Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. | |||
| CVE-2002-0855 | 0.03 | — | 0.06 | Sep 5, 2002 | Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. | |||
| CVE-2002-1602 | 0.03 | — | 0.01 | Apr 23, 2002 | Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code. | |||
| CVE-2001-1036 | 0.03 | — | 0.01 | Aug 31, 2001 | GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. | |||
| CVE-2000-0824 | 0.03 | — | 0.01 | Nov 14, 2000 | The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as… | |||
| CVE-1999-0767 | 0.03 | — | 0.01 | Sep 8, 1999 | Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable. | |||
| CVE-1999-0491 | 0.03 | — | 0.01 | Apr 20, 1999 | The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. | |||
| CVE-2021-38185 | 0.02 | — | 0.04 | Aug 7, 2021 | GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with… | |||
| CVE-2015-6251 | 0.02 | — | 0.19 | Aug 24, 2015 | Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. | |||
| CVE-2014-0092 | 0.02 | — | 0.30 | Mar 7, 2014 | lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||
| CVE-2021-26937 | 0.01 | — | 0.09 | Feb 9, 2021 | encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | |||
| CVE-2020-12108 | 0.01 | — | 0.03 | May 6, 2020 | /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. | |||
| CVE-2015-8437 | 0.01 | — | 0.07 | Dec 10, 2015 | Use-after-free vulnerability in the Selection object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK &… | |||
| CVE-2015-8435 | 0.01 | — | 0.07 | Dec 10, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows… | |||
| CVE-2015-8432 | 0.01 | — | 0.07 | Dec 10, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows… | |||
| CVE-2015-8407 | 0.01 | — | 0.08 | Dec 10, 2015 | Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows… | |||
| CVE-2015-7643 | 0.01 | — | 0.07 | Oct 15, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to… | |||
| CVE-2015-7633 | 0.01 | — | 0.08 | Oct 15, 2015 | Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a… | |||
| CVE-2015-7630 | 0.01 | — | 0.07 | Oct 15, 2015 | Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a… | |||
| CVE-2015-3086 | 0.01 | — | 0.07 | May 13, 2015 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary… | |||
| CVE-2015-3084 | 0.01 | — | 0.07 | May 13, 2015 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary… | |||
| CVE-2015-2775 | 0.01 | — | 0.08 | Apr 13, 2015 | Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. | |||
| CVE-2015-2806 | 0.01 | — | 0.08 | Apr 10, 2015 | Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. | |||
| CVE-2014-9402 | 0.01 | — | 0.08 | Feb 24, 2015 | The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name… | |||
| CVE-2015-0330 | 0.01 | — | 0.08 | Feb 6, 2015 | Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than… | |||
| CVE-2015-0327 | 0.01 | — | 0.09 | Feb 6, 2015 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0323. | |||
| CVE-2015-0326 | 0.01 | — | 0.06 | Feb 6, 2015 | Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different… | |||
| CVE-2014-9471 | 0.01 | — | 0.07 | Jan 16, 2015 | The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. | |||
| CVE-2014-8485 | 0.01 | — | 0.07 | Dec 9, 2014 | The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. | |||
| CVE-2014-6040 | 0.01 | — | 0.07 | Dec 5, 2014 | GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364… | |||
| CVE-2014-9112 | 0.01 | — | 0.07 | Dec 2, 2014 | Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. | |||
| CVE-2014-0559 | 0.01 | — | 0.13 | Sep 10, 2014 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and… | |||
| CVE-2014-3465 | 0.01 | — | 0.07 | Jun 10, 2014 | The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when… | |||
| CVE-2014-3467 | 0.01 | — | 0.07 | Jun 5, 2014 | Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. | |||
| CVE-2014-3466 | 0.01 | — | 0.11 | Jun 3, 2014 | Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a… | |||
| CVE-2014-0506 | 0.01 | — | 0.08 | Mar 27, 2014 | Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before… | |||
| CVE-2013-1619 | 0.01 | — | 0.06 | Feb 8, 2013 | The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct… | |||
| CVE-2008-3863 | 0.01 | — | 0.08 | Oct 23, 2008 | Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related… | |||
| CVE-2008-1948 | 0.01 | — | 0.12 | May 21, 2008 | The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a… | |||
| CVE-2003-0255 | 0.01 | — | 0.07 | May 27, 2003 | The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. | |||
| CVE-2003-0028 | 0.01 | — | 0.15 | Mar 25, 2003 | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in… | |||
| CVE-2002-0029 | 0.01 | — | 0.10 | Nov 29, 2002 | Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2)… | |||
| CVE-2002-0651 | 0.01 | — | 0.13 | Jul 3, 2002 | Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers. | |||
| CVE-2001-1376 | 0.01 | — | 0.09 | Mar 4, 2002 | Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. | |||
| CVE-2026-41992 | 0.00 | — | 0.00 | Jun 30, 2026 | GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and… |
- CVE-2004-2014Dec 31, 2004risk 0.03cvss —epss 0.01
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
- CVE-2004-0353Nov 23, 2004risk 0.03cvss —epss 0.05
Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.
- CVE-2004-0548Aug 6, 2004risk 0.03cvss —epss 0.01
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
- CVE-2003-1232Dec 31, 2003risk 0.03cvss —epss 0.03
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
- CVE-2003-0854Nov 17, 2003risk 0.03cvss —epss 0.01
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
- CVE-2003-0038Feb 7, 2003risk 0.03cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
- CVE-2002-0855Sep 5, 2002risk 0.03cvss —epss 0.06
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
- CVE-2002-1602Apr 23, 2002risk 0.03cvss —epss 0.01
Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
- CVE-2001-1036Aug 31, 2001risk 0.03cvss —epss 0.01
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.
- CVE-2000-0824Nov 14, 2000risk 0.03cvss —epss 0.01
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as…
- CVE-1999-0767Sep 8, 1999risk 0.03cvss —epss 0.01
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
- CVE-1999-0491Apr 20, 1999risk 0.03cvss —epss 0.01
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
- CVE-2021-38185Aug 7, 2021risk 0.02cvss —epss 0.04
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with…
- CVE-2015-6251Aug 24, 2015risk 0.02cvss —epss 0.19
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
- CVE-2014-0092Mar 7, 2014risk 0.02cvss —epss 0.30
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
- CVE-2021-26937Feb 9, 2021risk 0.01cvss —epss 0.09
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
- CVE-2020-12108May 6, 2020risk 0.01cvss —epss 0.03
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
- CVE-2015-8437Dec 10, 2015risk 0.01cvss —epss 0.07
Use-after-free vulnerability in the Selection object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK &…
- CVE-2015-8435Dec 10, 2015risk 0.01cvss —epss 0.07
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows…
- CVE-2015-8432Dec 10, 2015risk 0.01cvss —epss 0.07
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows…
- CVE-2015-8407Dec 10, 2015risk 0.01cvss —epss 0.08
Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows…
- CVE-2015-7643Oct 15, 2015risk 0.01cvss —epss 0.07
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to…
- CVE-2015-7633Oct 15, 2015risk 0.01cvss —epss 0.08
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a…
- CVE-2015-7630Oct 15, 2015risk 0.01cvss —epss 0.07
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a…
- CVE-2015-3086May 13, 2015risk 0.01cvss —epss 0.07
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary…
- CVE-2015-3084May 13, 2015risk 0.01cvss —epss 0.07
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary…
- CVE-2015-2775Apr 13, 2015risk 0.01cvss —epss 0.08
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
- CVE-2015-2806Apr 10, 2015risk 0.01cvss —epss 0.08
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
- CVE-2014-9402Feb 24, 2015risk 0.01cvss —epss 0.08
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name…
- CVE-2015-0330Feb 6, 2015risk 0.01cvss —epss 0.08
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…
- CVE-2015-0327Feb 6, 2015risk 0.01cvss —epss 0.09
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0323.
- CVE-2015-0326Feb 6, 2015risk 0.01cvss —epss 0.06
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different…
- CVE-2014-9471Jan 16, 2015risk 0.01cvss —epss 0.07
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.
- CVE-2014-8485Dec 9, 2014risk 0.01cvss —epss 0.07
The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.
- CVE-2014-6040Dec 5, 2014risk 0.01cvss —epss 0.07
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364…
- CVE-2014-9112Dec 2, 2014risk 0.01cvss —epss 0.07
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
- CVE-2014-0559Sep 10, 2014risk 0.01cvss —epss 0.13
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and…
- CVE-2014-3465Jun 10, 2014risk 0.01cvss —epss 0.07
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when…
- CVE-2014-3467Jun 5, 2014risk 0.01cvss —epss 0.07
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
- CVE-2014-3466Jun 3, 2014risk 0.01cvss —epss 0.11
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a…
- CVE-2014-0506Mar 27, 2014risk 0.01cvss —epss 0.08
Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before…
- CVE-2013-1619Feb 8, 2013risk 0.01cvss —epss 0.06
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct…
- CVE-2008-3863Oct 23, 2008risk 0.01cvss —epss 0.08
Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related…
- CVE-2008-1948May 21, 2008risk 0.01cvss —epss 0.12
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a…
- CVE-2003-0255May 27, 2003risk 0.01cvss —epss 0.07
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
- CVE-2003-0028Mar 25, 2003risk 0.01cvss —epss 0.15
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in…
- CVE-2002-0029Nov 29, 2002risk 0.01cvss —epss 0.10
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2)…
- CVE-2002-0651Jul 3, 2002risk 0.01cvss —epss 0.13
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
- CVE-2001-1376Mar 4, 2002risk 0.01cvss —epss 0.09
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
- CVE-2026-41992Jun 30, 2026risk 0.00cvss —epss 0.00
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and…
Page 10 of 23