Vendor CVEs
GNU
All CVEs
1,137 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2222 | 0.00 | — | 0.05 | Oct 4, 2013 | Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3)… | |||
| CVE-2013-2116 | 0.00 | — | 0.04 | Jul 3, 2013 | The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. | |||
| CVE-2012-0864 | 0.00 | — | 0.03 | May 2, 2013 | Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of… | |||
| CVE-2011-4609 | 0.00 | — | 0.02 | May 2, 2013 | The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | |||
| CVE-2013-1914 | 0.00 | — | 0.04 | Apr 29, 2013 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain… | |||
| CVE-2011-4355 | 0.00 | — | 0.00 | Mar 5, 2013 | GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. | |||
| CVE-2013-0242 | 0.00 | — | 0.03 | Feb 8, 2013 | Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. | |||
| CVE-2012-5667 | 0.00 | — | 0.01 | Jan 3, 2013 | Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. | |||
| CVE-2012-3509 | 0.00 | — | 0.04 | Sep 5, 2012 | Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of… | |||
| CVE-2012-3410 | 0.00 | — | 0.00 | Aug 27, 2012 | Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix. | |||
| CVE-2012-1175 | 0.00 | — | 0.04 | Aug 26, 2012 | Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow. | |||
| CVE-2012-3479 | 0.00 | — | 0.04 | Aug 25, 2012 | lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. | |||
| CVE-2012-3386 | 0.00 | — | 0.00 | Aug 7, 2012 | The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. | |||
| CVE-2011-4328 | 0.00 | — | 0.02 | Jun 16, 2012 | plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information. | |||
| CVE-2012-1573 | 0.00 | — | 0.04 | Mar 26, 2012 | gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as… | |||
| CVE-2012-1569 | 0.00 | — | 0.04 | Mar 26, 2012 | The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and… | |||
| CVE-2012-0035 | 0.00 | — | 0.03 | Jan 19, 2012 | Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. | |||
| CVE-2012-0390 | 0.00 | — | 0.01 | Jan 6, 2012 | The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel… | |||
| CVE-2011-5024 | 0.00 | — | 0.01 | Dec 29, 2011 | Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter. | |||
| CVE-2011-4128 | 0.00 | — | 0.02 | Dec 8, 2011 | Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash)… | |||
| CVE-2011-3771 | 0.00 | — | 0.01 | Sep 24, 2011 | phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files. | |||
| CVE-2009-5082 | 0.00 | — | 0.00 | Jun 30, 2011 | The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a… | |||
| CVE-2009-5081 | 0.00 | — | 0.00 | Jun 30, 2011 | The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users… | |||
| CVE-2009-5080 | 0.00 | — | 0.00 | Jun 30, 2011 | The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to… | |||
| CVE-2009-5079 | 0.00 | — | 0.00 | Jun 30, 2011 | The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. | |||
| CVE-2009-5044 | 0.00 | — | 0.00 | Jun 24, 2011 | contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. | |||
| CVE-2011-1095 | 0.00 | — | 0.01 | Apr 10, 2011 | locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses… | |||
| CVE-2011-1089 | 0.00 | — | 0.00 | Apr 10, 2011 | The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a… | |||
| CVE-2011-1659 | 0.00 | — | 0.03 | Apr 8, 2011 | Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different… | |||
| CVE-2011-1658 | 0.00 | — | 0.00 | Apr 8, 2011 | ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2)… | |||
| CVE-2009-5064 | 0.00 | — | 0.01 | Mar 30, 2011 | ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense.… | |||
| CVE-2010-4651 | 0.00 | — | 0.05 | Mar 11, 2011 | Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679. | |||
| CVE-2010-4756 | 0.00 | — | 0.03 | Mar 2, 2011 | The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an… | |||
| CVE-2011-0707 | 0.00 | — | 0.04 | Feb 22, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message. | |||
| CVE-2010-4337 | 0.00 | — | 0.00 | Jan 14, 2011 | The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files. | |||
| CVE-2010-3444 | 0.00 | — | 0.04 | Jan 11, 2011 | Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string… | |||
| CVE-2010-3192 | 0.00 | — | 0.02 | Oct 14, 2010 | Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated… | |||
| CVE-2010-3089 | 0.00 | — | 0.02 | Sep 15, 2010 | Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field. | |||
| CVE-2010-2056 | 0.00 | — | 0.00 | Jul 22, 2010 | GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||
| CVE-2010-2252 | 0.00 | — | 0.04 | Jul 6, 2010 | GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx… | |||
| CVE-2010-0830 | 0.00 | — | 0.05 | Jun 1, 2010 | Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF… | |||
| CVE-2010-0296 | 0.00 | — | 0.01 | Jun 1, 2010 | The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or… | |||
| CVE-2009-4881 | 0.00 | — | 0.02 | Jun 1, 2010 | Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as… | |||
| CVE-2006-7239 | 0.00 | — | 0.02 | May 24, 2010 | The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer… | |||
| CVE-2010-1161 | 0.00 | — | 0.00 | Apr 16, 2010 | Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. | |||
| CVE-2010-1160 | 0.00 | — | 0.00 | Apr 16, 2010 | GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. | |||
| CVE-2010-0825 | 0.00 | — | 0.00 | Apr 5, 2010 | lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. | |||
| CVE-2010-0731 | 0.00 | — | 0.03 | Mar 26, 2010 | The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate… | |||
| CVE-2010-0624 | 0.00 | — | 0.05 | Mar 15, 2010 | Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more… | |||
| CVE-2010-0001 | 0.00 | — | 0.05 | Jan 29, 2010 | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW… |
- CVE-2013-2222Oct 4, 2013risk 0.00cvss —epss 0.05
Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3)…
- CVE-2013-2116Jul 3, 2013risk 0.00cvss —epss 0.04
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
- CVE-2012-0864May 2, 2013risk 0.00cvss —epss 0.03
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of…
- CVE-2011-4609May 2, 2013risk 0.00cvss —epss 0.02
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.
- CVE-2013-1914Apr 29, 2013risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain…
- CVE-2011-4355Mar 5, 2013risk 0.00cvss —epss 0.00
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.
- CVE-2013-0242Feb 8, 2013risk 0.00cvss —epss 0.03
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
- CVE-2012-5667Jan 3, 2013risk 0.00cvss —epss 0.01
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
- CVE-2012-3509Sep 5, 2012risk 0.00cvss —epss 0.04
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of…
- CVE-2012-3410Aug 27, 2012risk 0.00cvss —epss 0.00
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
- CVE-2012-1175Aug 26, 2012risk 0.00cvss —epss 0.04
Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow.
- CVE-2012-3479Aug 25, 2012risk 0.00cvss —epss 0.04
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.
- CVE-2012-3386Aug 7, 2012risk 0.00cvss —epss 0.00
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
- CVE-2011-4328Jun 16, 2012risk 0.00cvss —epss 0.02
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.
- CVE-2012-1573Mar 26, 2012risk 0.00cvss —epss 0.04
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as…
- CVE-2012-1569Mar 26, 2012risk 0.00cvss —epss 0.04
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and…
- CVE-2012-0035Jan 19, 2012risk 0.00cvss —epss 0.03
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
- CVE-2012-0390Jan 6, 2012risk 0.00cvss —epss 0.01
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel…
- CVE-2011-5024Dec 29, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.
- CVE-2011-4128Dec 8, 2011risk 0.00cvss —epss 0.02
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash)…
- CVE-2011-3771Sep 24, 2011risk 0.00cvss —epss 0.01
phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files.
- CVE-2009-5082Jun 30, 2011risk 0.00cvss —epss 0.00
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a…
- CVE-2009-5081Jun 30, 2011risk 0.00cvss —epss 0.00
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users…
- CVE-2009-5080Jun 30, 2011risk 0.00cvss —epss 0.00
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to…
- CVE-2009-5079Jun 30, 2011risk 0.00cvss —epss 0.00
The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.
- CVE-2009-5044Jun 24, 2011risk 0.00cvss —epss 0.00
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
- CVE-2011-1095Apr 10, 2011risk 0.00cvss —epss 0.01
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses…
- CVE-2011-1089Apr 10, 2011risk 0.00cvss —epss 0.00
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a…
- CVE-2011-1659Apr 8, 2011risk 0.00cvss —epss 0.03
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different…
- CVE-2011-1658Apr 8, 2011risk 0.00cvss —epss 0.00
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2)…
- CVE-2009-5064Mar 30, 2011risk 0.00cvss —epss 0.01
ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense.…
- CVE-2010-4651Mar 11, 2011risk 0.00cvss —epss 0.05
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
- CVE-2010-4756Mar 2, 2011risk 0.00cvss —epss 0.03
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an…
- CVE-2011-0707Feb 22, 2011risk 0.00cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
- CVE-2010-4337Jan 14, 2011risk 0.00cvss —epss 0.00
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
- CVE-2010-3444Jan 11, 2011risk 0.00cvss —epss 0.04
Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string…
- CVE-2010-3192Oct 14, 2010risk 0.00cvss —epss 0.02
Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated…
- CVE-2010-3089Sep 15, 2010risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
- CVE-2010-2056Jul 22, 2010risk 0.00cvss —epss 0.00
GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
- CVE-2010-2252Jul 6, 2010risk 0.00cvss —epss 0.04
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx…
- CVE-2010-0830Jun 1, 2010risk 0.00cvss —epss 0.05
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF…
- CVE-2010-0296Jun 1, 2010risk 0.00cvss —epss 0.01
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or…
- CVE-2009-4881Jun 1, 2010risk 0.00cvss —epss 0.02
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as…
- CVE-2006-7239May 24, 2010risk 0.00cvss —epss 0.02
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer…
- CVE-2010-1161Apr 16, 2010risk 0.00cvss —epss 0.00
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.
- CVE-2010-1160Apr 16, 2010risk 0.00cvss —epss 0.00
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
- CVE-2010-0825Apr 5, 2010risk 0.00cvss —epss 0.00
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.
- CVE-2010-0731Mar 26, 2010risk 0.00cvss —epss 0.03
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate…
- CVE-2010-0624Mar 15, 2010risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more…
- CVE-2010-0001Jan 29, 2010risk 0.00cvss —epss 0.05
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW…
Page 19 of 23