Vendor CVEs
GNU
All CVEs
1,137 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-2941 | 0.00 | — | 0.02 | Sep 6, 2006 | Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". | |||
| CVE-2006-4146 | 0.00 | — | 0.03 | Aug 31, 2006 | Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large… | |||
| CVE-2006-3619 | 0.00 | — | 0.04 | Jul 25, 2006 | Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences. | |||
| CVE-2006-1902 | 0.00 | — | 0.00 | Apr 20, 2006 | fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into… | |||
| CVE-2006-1712 | 0.00 | — | 0.01 | Apr 11, 2006 | Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. | |||
| CVE-2006-0052 | 0.00 | — | 0.03 | Mar 31, 2006 | The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between… | |||
| CVE-2006-0049 | 0.00 | — | 0.02 | Mar 13, 2006 | gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid,… | |||
| CVE-2006-0300 | 0.00 | — | 0.05 | Feb 24, 2006 | Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. | |||
| CVE-2006-0645 | 0.00 | — | 0.04 | Feb 10, 2006 | Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by… | |||
| CVE-2006-0353 | 0.00 | — | 0.00 | Jan 22, 2006 | unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to… | |||
| CVE-2005-1918 | 0.00 | — | 0.03 | Dec 31, 2005 | The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences… | |||
| CVE-2005-4808 | 0.00 | — | 0.02 | Dec 31, 2005 | Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. | |||
| CVE-2005-4268 | 0.00 | — | 0.01 | Dec 15, 2005 | Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits. | |||
| CVE-2005-4153 | 0.00 | — | 0.03 | Dec 11, 2005 | Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. | |||
| CVE-2005-3349 | 0.00 | — | 0.00 | Nov 18, 2005 | GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. | |||
| CVE-2005-3355 | 0.00 | — | 0.02 | Nov 18, 2005 | Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". | |||
| CVE-2005-3573 | 0.00 | — | 0.03 | Nov 16, 2005 | Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | |||
| CVE-2005-3425 | 0.00 | — | 0.02 | Nov 1, 2005 | Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. | |||
| CVE-2005-3424 | 0.00 | — | 0.01 | Nov 1, 2005 | Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. | |||
| CVE-2005-3123 | 0.00 | — | 0.03 | Oct 30, 2005 | Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. | |||
| CVE-2005-2960 | 0.00 | — | 0.00 | Oct 5, 2005 | cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | |||
| CVE-2005-3137 | 0.00 | — | 0.00 | Oct 5, 2005 | The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960. | |||
| CVE-2005-3011 | 0.00 | — | 0.01 | Sep 21, 2005 | The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||
| CVE-2005-2761 | 0.00 | — | 0.01 | Aug 31, 2005 | Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message. | |||
| CVE-2005-2541 | 0.00 | — | 0.04 | Aug 10, 2005 | Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. | |||
| CVE-2005-2180 | 0.00 | — | 0.00 | Jul 11, 2005 | gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. | |||
| CVE-2005-1824 | 0.00 | — | 0.01 | Jun 2, 2005 | The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. | |||
| CVE-2005-1521 | 0.00 | — | 0.03 | May 26, 2005 | Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based… | |||
| CVE-2005-1522 | 0.00 | — | 0.02 | May 26, 2005 | The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | |||
| CVE-2005-1705 | 0.00 | — | 0.00 | May 24, 2005 | gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. | |||
| CVE-2005-1704 | 0.00 | — | 0.01 | May 24, 2005 | Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a… | |||
| CVE-2005-0758 | 0.00 | — | 0.01 | May 13, 2005 | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | |||
| CVE-2005-1431 | 0.00 | — | 0.02 | May 3, 2005 | The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | |||
| CVE-2005-0202 | 0.00 | — | 0.03 | May 2, 2005 | Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./"… | |||
| CVE-2005-0988 | 0.00 | — | 0.01 | May 2, 2005 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is… | |||
| CVE-2005-1229 | 0.00 | — | 0.02 | May 2, 2005 | Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. | |||
| CVE-2005-0990 | 0.00 | — | 0.00 | May 2, 2005 | unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file. | |||
| CVE-2005-1039 | 0.00 | — | 0.00 | May 2, 2005 | Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. | |||
| CVE-2005-1228 | 0.00 | — | 0.04 | May 2, 2005 | Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. | |||
| CVE-2005-0080 | 0.00 | — | 0.01 | May 2, 2005 | The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. | |||
| CVE-2004-1487 | 0.00 | — | 0.02 | Apr 27, 2005 | wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. | |||
| CVE-2004-0969 | 0.00 | — | 0.00 | Feb 9, 2005 | The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||
| CVE-2004-0968 | 0.00 | — | 0.00 | Feb 9, 2005 | The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. | |||
| CVE-2004-0970 | 0.00 | — | 0.00 | Feb 9, 2005 | The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. | |||
| CVE-2004-0966 | 0.00 | — | 0.00 | Feb 9, 2005 | The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||
| CVE-2005-0100 | 0.00 | — | 0.04 | Feb 7, 2005 | Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. | |||
| CVE-2004-1185 | 0.00 | — | 0.04 | Jan 21, 2005 | Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames. | |||
| CVE-2004-1184 | 0.00 | — | 0.01 | Jan 21, 2005 | The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. | |||
| CVE-2004-1177 | 0.00 | — | 0.02 | Jan 10, 2005 | Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. | |||
| CVE-2004-2531 | 0.00 | — | 0.02 | Dec 31, 2004 | X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. |
- CVE-2006-2941Sep 6, 2006risk 0.00cvss —epss 0.02
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".
- CVE-2006-4146Aug 31, 2006risk 0.00cvss —epss 0.03
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large…
- CVE-2006-3619Jul 25, 2006risk 0.00cvss —epss 0.04
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.
- CVE-2006-1902Apr 20, 2006risk 0.00cvss —epss 0.00
fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into…
- CVE-2006-1712Apr 11, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
- CVE-2006-0052Mar 31, 2006risk 0.00cvss —epss 0.03
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between…
- CVE-2006-0049Mar 13, 2006risk 0.00cvss —epss 0.02
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid,…
- CVE-2006-0300Feb 24, 2006risk 0.00cvss —epss 0.05
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
- CVE-2006-0645Feb 10, 2006risk 0.00cvss —epss 0.04
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by…
- CVE-2006-0353Jan 22, 2006risk 0.00cvss —epss 0.00
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to…
- CVE-2005-1918Dec 31, 2005risk 0.00cvss —epss 0.03
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences…
- CVE-2005-4808Dec 31, 2005risk 0.00cvss —epss 0.02
Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.
- CVE-2005-4268Dec 15, 2005risk 0.00cvss —epss 0.01
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
- CVE-2005-4153Dec 11, 2005risk 0.00cvss —epss 0.03
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
- CVE-2005-3349Nov 18, 2005risk 0.00cvss —epss 0.00
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
- CVE-2005-3355Nov 18, 2005risk 0.00cvss —epss 0.02
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
- CVE-2005-3573Nov 16, 2005risk 0.00cvss —epss 0.03
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
- CVE-2005-3425Nov 1, 2005risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
- CVE-2005-3424Nov 1, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
- CVE-2005-3123Oct 30, 2005risk 0.00cvss —epss 0.03
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.
- CVE-2005-2960Oct 5, 2005risk 0.00cvss —epss 0.00
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
- CVE-2005-3137Oct 5, 2005risk 0.00cvss —epss 0.00
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.
- CVE-2005-3011Sep 21, 2005risk 0.00cvss —epss 0.01
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
- CVE-2005-2761Aug 31, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message.
- CVE-2005-2541Aug 10, 2005risk 0.00cvss —epss 0.04
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
- CVE-2005-2180Jul 11, 2005risk 0.00cvss —epss 0.00
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files.
- CVE-2005-1824Jun 2, 2005risk 0.00cvss —epss 0.01
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
- CVE-2005-1521May 26, 2005risk 0.00cvss —epss 0.03
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based…
- CVE-2005-1522May 26, 2005risk 0.00cvss —epss 0.02
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.
- CVE-2005-1705May 24, 2005risk 0.00cvss —epss 0.00
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
- CVE-2005-1704May 24, 2005risk 0.00cvss —epss 0.01
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a…
- CVE-2005-0758May 13, 2005risk 0.00cvss —epss 0.01
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
- CVE-2005-1431May 3, 2005risk 0.00cvss —epss 0.02
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
- CVE-2005-0202May 2, 2005risk 0.00cvss —epss 0.03
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./"…
- CVE-2005-0988May 2, 2005risk 0.00cvss —epss 0.01
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is…
- CVE-2005-1229May 2, 2005risk 0.00cvss —epss 0.02
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
- CVE-2005-0990May 2, 2005risk 0.00cvss —epss 0.00
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
- CVE-2005-1039May 2, 2005risk 0.00cvss —epss 0.00
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
- CVE-2005-1228May 2, 2005risk 0.00cvss —epss 0.04
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
- CVE-2005-0080May 2, 2005risk 0.00cvss —epss 0.01
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.
- CVE-2004-1487Apr 27, 2005risk 0.00cvss —epss 0.02
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
- CVE-2004-0969Feb 9, 2005risk 0.00cvss —epss 0.00
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
- CVE-2004-0968Feb 9, 2005risk 0.00cvss —epss 0.00
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
- CVE-2004-0970Feb 9, 2005risk 0.00cvss —epss 0.00
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
- CVE-2004-0966Feb 9, 2005risk 0.00cvss —epss 0.00
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
- CVE-2005-0100Feb 7, 2005risk 0.00cvss —epss 0.04
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
- CVE-2004-1185Jan 21, 2005risk 0.00cvss —epss 0.04
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
- CVE-2004-1184Jan 21, 2005risk 0.00cvss —epss 0.01
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
- CVE-2004-1177Jan 10, 2005risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
- CVE-2004-2531Dec 31, 2004risk 0.00cvss —epss 0.02
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
Page 21 of 23