Vendor CVEs
GNU
All CVEs
1,137 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-2624 | 0.00 | — | 0.04 | Jan 29, 2010 | The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this… | |||
| CVE-2010-0015 | 0.00 | — | 0.03 | Jan 14, 2010 | nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the… | |||
| CVE-2009-4029 | 0.00 | — | 0.00 | Dec 20, 2009 | The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a… | |||
| CVE-2009-4135 | 0.00 | — | 0.00 | Dec 11, 2009 | The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. | |||
| CVE-2009-4128 | 0.00 | — | 0.01 | Dec 1, 2009 | GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1. | |||
| CVE-2009-3736 | 0.00 | — | 0.00 | Nov 29, 2009 | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | |||
| CVE-2009-3490 | 0.00 | — | 0.04 | Sep 30, 2009 | GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification… | |||
| CVE-2009-2730 | 0.00 | — | 0.02 | Aug 12, 2009 | libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a… | |||
| CVE-2009-2409 | 0.00 | — | 0.05 | Jul 30, 2009 | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws… | |||
| CVE-2009-1417 | 0.00 | — | 0.01 | Apr 30, 2009 | gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the… | |||
| CVE-2009-1215 | 0.00 | — | 0.00 | Apr 1, 2009 | Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. | |||
| CVE-2009-1214 | 0.00 | — | 0.00 | Apr 1, 2009 | GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. | |||
| CVE-2009-0757 | 0.00 | — | 0.02 | Mar 3, 2009 | Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions. | |||
| CVE-2008-5078 | 0.00 | — | 0.03 | Dec 19, 2008 | Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename. | |||
| CVE-2008-4475 | 0.00 | — | 0.00 | Oct 7, 2008 | ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||
| CVE-2008-3949 | 0.00 | — | 0.01 | Sep 22, 2008 | emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file. | |||
| CVE-2008-4100 | 0.00 | — | 0.01 | Sep 18, 2008 | GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is… | |||
| CVE-2008-3916 | 0.00 | — | 0.04 | Sep 4, 2008 | Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only… | |||
| CVE-2008-3896 | 0.00 | — | 0.00 | Sep 3, 2008 | Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||
| CVE-2008-2377 | 0.00 | — | 0.05 | Aug 8, 2008 | Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data… | |||
| CVE-2008-1946 | 0.00 | — | 0.00 | Jul 28, 2008 | The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. | |||
| CVE-2008-1950 | 0.00 | — | 0.05 | May 21, 2008 | Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted… | |||
| CVE-2008-1949 | 0.00 | — | 0.06 | May 21, 2008 | The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service… | |||
| CVE-2008-2142 | 0.00 | — | 0.04 | May 12, 2008 | Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. | |||
| CVE-2008-1694 | 0.00 | — | 0.00 | Apr 22, 2008 | vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||
| CVE-2008-1688 | 0.00 | — | 0.03 | Apr 9, 2008 | Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries. | |||
| CVE-2008-1687 | 0.00 | — | 0.02 | Apr 9, 2008 | The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. | |||
| CVE-2008-1685 | 0.00 | — | 0.01 | Apr 6, 2008 | gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer… | |||
| CVE-2008-1367 | 0.00 | — | 0.03 | Mar 17, 2008 | gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong… | |||
| CVE-2007-6109 | 0.00 | — | 0.03 | Dec 7, 2007 | Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain… | |||
| CVE-2007-6130 | 0.00 | — | 0.01 | Nov 26, 2007 | gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | |||
| CVE-2007-5377 | 0.00 | — | 0.00 | Oct 12, 2007 | The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||
| CVE-2007-3741 | 0.00 | — | 0.03 | Aug 27, 2007 | The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. | |||
| CVE-2007-4131 | 0.00 | — | 0.03 | Aug 25, 2007 | Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. | |||
| CVE-2007-3508 | 0.00 | — | 0.00 | Jul 3, 2007 | Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is… | |||
| CVE-2007-2833 | 0.00 | — | 0.02 | Jun 21, 2007 | Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | |||
| CVE-2007-2452 | 0.00 | — | 0.02 | Jun 4, 2007 | Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability… | |||
| CVE-2007-2808 | 0.00 | — | 0.01 | May 22, 2007 | Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter. | |||
| CVE-2007-2500 | 0.00 | — | 0.05 | May 4, 2007 | server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an… | |||
| CVE-2007-2162 | 0.00 | — | 0.01 | Apr 22, 2007 | (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||
| CVE-2006-7151 | 0.00 | — | 0.00 | Mar 7, 2007 | Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories. | |||
| CVE-2007-1269 | 0.00 | — | 0.03 | Mar 6, 2007 | GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the… | |||
| CVE-2006-6939 | 0.00 | — | 0.00 | Jan 17, 2007 | GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. | |||
| CVE-2006-6235 | 0.00 | — | 0.06 | Dec 7, 2006 | A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. | |||
| CVE-2006-4181 | 0.00 | — | 0.05 | Nov 28, 2006 | Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2006-4810 | 0.00 | — | 0.01 | Nov 8, 2006 | Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | |||
| CVE-2006-4573 | 0.00 | — | 0.02 | Oct 24, 2006 | Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. | |||
| CVE-2006-2191 | 0.00 | — | 0.02 | Sep 19, 2006 | Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable. | |||
| CVE-2006-4790 | 0.00 | — | 0.02 | Sep 14, 2006 | verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and… | |||
| CVE-2006-4624 | 0.00 | — | 0.03 | Sep 7, 2006 | CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI. |
- CVE-2009-2624Jan 29, 2010risk 0.00cvss —epss 0.04
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this…
- CVE-2010-0015Jan 14, 2010risk 0.00cvss —epss 0.03
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the…
- CVE-2009-4029Dec 20, 2009risk 0.00cvss —epss 0.00
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a…
- CVE-2009-4135Dec 11, 2009risk 0.00cvss —epss 0.00
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
- CVE-2009-4128Dec 1, 2009risk 0.00cvss —epss 0.01
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
- CVE-2009-3736Nov 29, 2009risk 0.00cvss —epss 0.00
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
- CVE-2009-3490Sep 30, 2009risk 0.00cvss —epss 0.04
GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification…
- CVE-2009-2730Aug 12, 2009risk 0.00cvss —epss 0.02
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a…
- CVE-2009-2409Jul 30, 2009risk 0.00cvss —epss 0.05
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws…
- CVE-2009-1417Apr 30, 2009risk 0.00cvss —epss 0.01
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the…
- CVE-2009-1215Apr 1, 2009risk 0.00cvss —epss 0.00
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
- CVE-2009-1214Apr 1, 2009risk 0.00cvss —epss 0.00
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
- CVE-2009-0757Mar 3, 2009risk 0.00cvss —epss 0.02
Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions.
- CVE-2008-5078Dec 19, 2008risk 0.00cvss —epss 0.03
Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.
- CVE-2008-4475Oct 7, 2008risk 0.00cvss —epss 0.00
ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
- CVE-2008-3949Sep 22, 2008risk 0.00cvss —epss 0.01
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
- CVE-2008-4100Sep 18, 2008risk 0.00cvss —epss 0.01
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is…
- CVE-2008-3916Sep 4, 2008risk 0.00cvss —epss 0.04
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only…
- CVE-2008-3896Sep 3, 2008risk 0.00cvss —epss 0.00
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
- CVE-2008-2377Aug 8, 2008risk 0.00cvss —epss 0.05
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data…
- CVE-2008-1946Jul 28, 2008risk 0.00cvss —epss 0.00
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
- CVE-2008-1950May 21, 2008risk 0.00cvss —epss 0.05
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted…
- CVE-2008-1949May 21, 2008risk 0.00cvss —epss 0.06
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service…
- CVE-2008-2142May 12, 2008risk 0.00cvss —epss 0.04
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
- CVE-2008-1694Apr 22, 2008risk 0.00cvss —epss 0.00
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
- CVE-2008-1688Apr 9, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
- CVE-2008-1687Apr 9, 2008risk 0.00cvss —epss 0.02
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.
- CVE-2008-1685Apr 6, 2008risk 0.00cvss —epss 0.01
gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer…
- CVE-2008-1367Mar 17, 2008risk 0.00cvss —epss 0.03
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong…
- CVE-2007-6109Dec 7, 2007risk 0.00cvss —epss 0.03
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain…
- CVE-2007-6130Nov 26, 2007risk 0.00cvss —epss 0.01
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
- CVE-2007-5377Oct 12, 2007risk 0.00cvss —epss 0.00
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
- CVE-2007-3741Aug 27, 2007risk 0.00cvss —epss 0.03
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
- CVE-2007-4131Aug 25, 2007risk 0.00cvss —epss 0.03
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
- CVE-2007-3508Jul 3, 2007risk 0.00cvss —epss 0.00
Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is…
- CVE-2007-2833Jun 21, 2007risk 0.00cvss —epss 0.02
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
- CVE-2007-2452Jun 4, 2007risk 0.00cvss —epss 0.02
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability…
- CVE-2007-2808May 22, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.
- CVE-2007-2500May 4, 2007risk 0.00cvss —epss 0.05
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an…
- CVE-2007-2162Apr 22, 2007risk 0.00cvss —epss 0.01
(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
- CVE-2006-7151Mar 7, 2007risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.
- CVE-2007-1269Mar 6, 2007risk 0.00cvss —epss 0.03
GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the…
- CVE-2006-6939Jan 17, 2007risk 0.00cvss —epss 0.00
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
- CVE-2006-6235Dec 7, 2006risk 0.00cvss —epss 0.06
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
- CVE-2006-4181Nov 28, 2006risk 0.00cvss —epss 0.05
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2006-4810Nov 8, 2006risk 0.00cvss —epss 0.01
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
- CVE-2006-4573Oct 24, 2006risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
- CVE-2006-2191Sep 19, 2006risk 0.00cvss —epss 0.02
Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable.
- CVE-2006-4790Sep 14, 2006risk 0.00cvss —epss 0.02
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and…
- CVE-2006-4624Sep 7, 2006risk 0.00cvss —epss 0.03
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
Page 20 of 23