VYPR

Vendor CVEs

GNU

All CVEs

1,137 total · sorted by risk
  • CVE-2004-1453Dec 31, 2004
    risk 0.00cvss epss 0.00

    GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.

  • CVE-2004-2459Dec 31, 2004
    risk 0.00cvss epss 0.01

    Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.

  • CVE-2004-1773Dec 31, 2004
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.

  • CVE-2004-1143Dec 31, 2004
    risk 0.00cvss epss 0.02

    The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.

  • CVE-2004-1186Dec 31, 2004
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).

  • CVE-2004-0984Dec 31, 2004
    risk 0.00cvss epss 0.00

    Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.

  • CVE-2004-2461Dec 31, 2004
    risk 0.00cvss epss 0.03

    Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.

  • CVE-2004-0555Dec 31, 2004
    risk 0.00cvss epss 0.03

    Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code.

  • CVE-2004-2264Dec 31, 2004
    risk 0.00cvss epss 0.02

    Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid,…

  • CVE-2004-1382Dec 31, 2004
    risk 0.00cvss epss 0.00

    The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.

  • CVE-2004-1772Dec 31, 2004
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.

  • CVE-2004-2460Dec 31, 2004
    risk 0.00cvss epss 0.02

    Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list.

  • CVE-2004-1377Dec 27, 2004
    risk 0.00cvss epss 0.00

    The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2004-0849Dec 23, 2004
    risk 0.00cvss epss 0.02

    Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.

  • CVE-2004-1337Dec 23, 2004
    risk 0.00cvss epss 0.00

    The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.

  • CVE-2004-0603Dec 6, 2004
    risk 0.00cvss epss 0.03

    gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.

  • CVE-2004-0576Dec 6, 2004
    risk 0.00cvss epss 0.02

    The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.

  • CVE-2004-0623Dec 6, 2004
    risk 0.00cvss epss 0.04

    Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.

  • CVE-2004-0256Nov 23, 2004
    risk 0.00cvss epss 0.00

    GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.

  • CVE-2004-0778Oct 20, 2004
    risk 0.00cvss epss 0.02

    CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.

  • CVE-2004-1349Oct 4, 2004
    risk 0.00cvss epss 0.01

    gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.

  • CVE-2004-0412Aug 18, 2004
    risk 0.00cvss epss 0.03

    Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.

  • CVE-2004-1702Aug 9, 2004
    risk 0.00cvss epss 0.02

    The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of…

  • CVE-2004-0581Aug 6, 2004
    risk 0.00cvss epss 0.00

    ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.

  • CVE-2004-0422Jul 7, 2004
    risk 0.00cvss epss 0.00

    flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.

  • CVE-2004-0182Jun 1, 2004
    risk 0.00cvss epss 0.01

    Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.

  • CVE-2004-0131Mar 3, 2004
    risk 0.00cvss epss 0.04

    The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null…

  • CVE-2003-0991Mar 3, 2004
    risk 0.00cvss epss 0.02

    Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.

  • CVE-2003-0992Feb 17, 2004
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.

  • CVE-2003-0965Feb 17, 2004
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.

  • CVE-2003-0978Jan 5, 2004
    risk 0.00cvss epss 0.03

    Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key…

  • CVE-2003-0858Dec 15, 2003
    risk 0.00cvss epss 0.00

    Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

  • CVE-2003-0971Dec 15, 2003
    risk 0.00cvss epss 0.03

    GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

  • CVE-2003-0972Dec 15, 2003
    risk 0.00cvss epss 0.03

    Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.

  • CVE-2003-0859Dec 15, 2003
    risk 0.00cvss epss 0.00

    The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

  • CVE-2003-0689Oct 20, 2003
    risk 0.00cvss epss 0.02

    The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.

  • CVE-2003-0367Jul 2, 2003
    risk 0.00cvss epss 0.00

    znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2002-2099Dec 31, 2002
    risk 0.00cvss epss 0.01

    Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.

  • CVE-2002-1344Dec 18, 2002
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.

  • CVE-2002-1265Nov 12, 2002
    risk 0.00cvss epss 0.03

    The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).

  • CVE-2002-1216Oct 28, 2002
    risk 0.00cvss epss 0.02

    GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.

  • CVE-2002-1146Oct 11, 2002
    risk 0.00cvss epss 0.03

    The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary…

  • CVE-2002-0399Oct 10, 2002
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of…

  • CVE-2002-0684Aug 12, 2002
    risk 0.00cvss epss 0.06

    Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname…

  • CVE-2002-0435Jul 26, 2002
    risk 0.00cvss epss 0.00

    Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which…

  • CVE-2002-0389Jun 18, 2002
    risk 0.00cvss epss 0.00

    Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.

  • CVE-2002-0178May 29, 2002
    risk 0.00cvss epss 0.01

    uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.

  • CVE-2002-0271May 29, 2002
    risk 0.00cvss epss 0.00

    Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.

  • CVE-2002-0204May 16, 2002
    risk 0.00cvss epss 0.03

    Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.

  • CVE-2002-0062Mar 8, 2002
    risk 0.00cvss epss 0.00

    Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

Page 22 of 23