Vendor CVEs
GNU
All CVEs
1,137 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-1377 | 0.00 | — | 0.05 | Mar 4, 2002 | Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2. | |||
| CVE-2002-0003 | 0.00 | — | 0.02 | Feb 27, 2002 | Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system. | |||
| CVE-2002-0044 | 0.00 | — | 0.00 | Jan 31, 2002 | GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. | |||
| CVE-2001-0886 | 0.00 | — | 0.01 | Dec 21, 2001 | Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character. | |||
| CVE-2001-0884 | 0.00 | — | 0.02 | Dec 21, 2001 | Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users. | |||
| CVE-2001-1228 | 0.00 | — | 0.03 | Nov 18, 2001 | Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. | |||
| CVE-2001-1132 | 0.00 | — | 0.03 | Sep 5, 2001 | Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication. | |||
| CVE-2001-1301 | 0.00 | — | 0.00 | Aug 7, 2001 | rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. | |||
| CVE-2001-1267 | 0.00 | — | 0.01 | Jul 12, 2001 | Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). | |||
| CVE-2001-0290 | 0.00 | — | 0.00 | May 3, 2001 | Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords. | |||
| CVE-2001-0072 | 0.00 | — | 0.02 | Feb 12, 2001 | gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. | |||
| CVE-2001-0071 | 0.00 | — | 0.00 | Feb 12, 2001 | gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection. | |||
| CVE-2000-1137 | 0.00 | — | 0.00 | Jan 9, 2001 | GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. | |||
| CVE-2000-0959 | 0.00 | — | 0.00 | Dec 19, 2000 | glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. | |||
| CVE-2000-0803 | 0.00 | — | 0.02 | Dec 19, 2000 | GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff. | |||
| CVE-2000-0974 | 0.00 | — | 0.03 | Dec 19, 2000 | GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection. | |||
| CVE-2000-0947 | 0.00 | — | 0.03 | Dec 19, 2000 | Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. | |||
| CVE-2000-0963 | 0.00 | — | 0.01 | Dec 19, 2000 | Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. | |||
| CVE-2000-0861 | 0.00 | — | 0.01 | Nov 14, 2000 | Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. | |||
| CVE-2000-1219 | 0.00 | — | 0.01 | Nov 1, 2000 | The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. | |||
| CVE-2000-0786 | 0.00 | — | 0.00 | Oct 20, 2000 | GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions. | |||
| CVE-2000-0701 | 0.00 | — | 0.00 | Oct 20, 2000 | The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges. | |||
| CVE-2000-0335 | 0.00 | — | 0.02 | May 3, 2000 | The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. | |||
| CVE-2000-0271 | 0.00 | — | 0.00 | Apr 18, 2000 | read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords. | |||
| CVE-2000-0269 | 0.00 | — | 0.00 | Apr 18, 2000 | Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess. | |||
| CVE-2000-0270 | 0.00 | — | 0.00 | Apr 18, 2000 | The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack. | |||
| CVE-2000-0151 | 0.00 | — | 0.00 | Feb 1, 2000 | GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. | |||
| CVE-1999-0719 | 0.00 | — | 0.00 | Aug 5, 1999 | The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code. | |||
| CVE-1999-1165 | 0.00 | — | 0.00 | Jul 21, 1999 | GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. | |||
| CVE-2000-0364 | 0.00 | — | 0.00 | Jun 1, 1999 | screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys. | |||
| CVE-1999-0402 | 0.00 | — | 0.01 | Jan 2, 1999 | wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. | |||
| CVE-1999-0017 | 0.00 | — | 0.02 | Dec 10, 1997 | FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | |||
| CVE-1999-0216 | 0.00 | — | 0.03 | Nov 1, 1997 | Denial of service of inetd on Linux through SYN and RST packets. | |||
| CVE-1999-0150 | 0.00 | — | 0.04 | Jul 1, 1997 | The Perl fingerd program allows arbitrary command execution from remote users. | |||
| CVE-1999-0202 | 0.00 | — | 0.02 | Jan 1, 1997 | The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands. | |||
| CVE-1999-1383 | 0.00 | — | 0.00 | Sep 13, 1996 | (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in… | |||
| CVE-1999-1572 | 0.00 | — | 0.01 | Jul 16, 1996 | cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. |
- CVE-2001-1377Mar 4, 2002risk 0.00cvss —epss 0.05
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
- CVE-2002-0003Feb 27, 2002risk 0.00cvss —epss 0.02
Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.
- CVE-2002-0044Jan 31, 2002risk 0.00cvss —epss 0.00
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
- CVE-2001-0886Dec 21, 2001risk 0.00cvss —epss 0.01
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.
- CVE-2001-0884Dec 21, 2001risk 0.00cvss —epss 0.02
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
- CVE-2001-1228Nov 18, 2001risk 0.00cvss —epss 0.03
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
- CVE-2001-1132Sep 5, 2001risk 0.00cvss —epss 0.03
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
- CVE-2001-1301Aug 7, 2001risk 0.00cvss —epss 0.00
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
- CVE-2001-1267Jul 12, 2001risk 0.00cvss —epss 0.01
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
- CVE-2001-0290May 3, 2001risk 0.00cvss —epss 0.00
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
- CVE-2001-0072Feb 12, 2001risk 0.00cvss —epss 0.02
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
- CVE-2001-0071Feb 12, 2001risk 0.00cvss —epss 0.00
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
- CVE-2000-1137Jan 9, 2001risk 0.00cvss —epss 0.00
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
- CVE-2000-0959Dec 19, 2000risk 0.00cvss —epss 0.00
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
- CVE-2000-0803Dec 19, 2000risk 0.00cvss —epss 0.02
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
- CVE-2000-0974Dec 19, 2000risk 0.00cvss —epss 0.03
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
- CVE-2000-0947Dec 19, 2000risk 0.00cvss —epss 0.03
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
- CVE-2000-0963Dec 19, 2000risk 0.00cvss —epss 0.01
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
- CVE-2000-0861Nov 14, 2000risk 0.00cvss —epss 0.01
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
- CVE-2000-1219Nov 1, 2000risk 0.00cvss —epss 0.01
The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.
- CVE-2000-0786Oct 20, 2000risk 0.00cvss —epss 0.00
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
- CVE-2000-0701Oct 20, 2000risk 0.00cvss —epss 0.00
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
- CVE-2000-0335May 3, 2000risk 0.00cvss —epss 0.02
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
- CVE-2000-0271Apr 18, 2000risk 0.00cvss —epss 0.00
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
- CVE-2000-0269Apr 18, 2000risk 0.00cvss —epss 0.00
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
- CVE-2000-0270Apr 18, 2000risk 0.00cvss —epss 0.00
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
- CVE-2000-0151Feb 1, 2000risk 0.00cvss —epss 0.00
GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.
- CVE-1999-0719Aug 5, 1999risk 0.00cvss —epss 0.00
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.
- CVE-1999-1165Jul 21, 1999risk 0.00cvss —epss 0.00
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
- CVE-2000-0364Jun 1, 1999risk 0.00cvss —epss 0.00
screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.
- CVE-1999-0402Jan 2, 1999risk 0.00cvss —epss 0.01
wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.
- CVE-1999-0017Dec 10, 1997risk 0.00cvss —epss 0.02
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
- CVE-1999-0216Nov 1, 1997risk 0.00cvss —epss 0.03
Denial of service of inetd on Linux through SYN and RST packets.
- CVE-1999-0150Jul 1, 1997risk 0.00cvss —epss 0.04
The Perl fingerd program allows arbitrary command execution from remote users.
- CVE-1999-0202Jan 1, 1997risk 0.00cvss —epss 0.02
The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.
- CVE-1999-1383Sep 13, 1996risk 0.00cvss —epss 0.00
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in…
- CVE-1999-1572Jul 16, 1996risk 0.00cvss —epss 0.01
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Page 23 of 23