VYPR

Vendor CVEs

GNU

All CVEs

1,137 total · sorted by risk
  • CVE-1999-0612Mar 1, 1997
    risk 0.05cvss epss 0.68

    A version of finger is running that exposes valid user information to any entity on the network.

  • CVE-2021-43778Nov 24, 2021
    risk 0.04cvss epss 0.53

    Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the…

  • CVE-2011-2702Oct 27, 2014
    risk 0.04cvss epss 0.08

    Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2)…

  • CVE-2014-5119Aug 29, 2014
    risk 0.04cvss epss 0.18

    Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv…

  • CVE-2012-4412Oct 9, 2013
    risk 0.04cvss epss 0.17

    Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

  • CVE-2013-4788Oct 4, 2013
    risk 0.04cvss epss 0.11

    The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a…

  • CVE-2009-5029May 2, 2013
    risk 0.04cvss epss 0.08

    Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.

  • CVE-2011-4862Dec 25, 2011
    risk 0.04cvss epss 0.95

    Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long…

  • CVE-2011-1071Apr 8, 2011
    risk 0.04cvss epss 0.14

    The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack,"…

  • CVE-2010-3856Jan 7, 2011
    risk 0.04cvss epss 0.09

    ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an…

  • CVE-2010-3847Jan 7, 2011
    risk 0.04cvss epss 0.09

    elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO)…

  • CVE-2009-4880Jun 1, 2010
    risk 0.04cvss epss 0.11

    Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a…

  • CVE-2009-1415Apr 30, 2009
    risk 0.04cvss epss 0.08

    lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of…

  • CVE-2007-6613Jan 3, 2008
    risk 0.04cvss epss 0.13

    Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code…

  • CVE-2007-4476Sep 5, 2007
    risk 0.04cvss epss 0.15

    Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

  • CVE-2006-6097Nov 24, 2006
    risk 0.04cvss epss 0.11

    GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and…

  • CVE-2006-5864Nov 11, 2006
    risk 0.04cvss epss 0.15

    Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1)…

  • CVE-2006-3636Sep 6, 2006
    risk 0.04cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2005-4807Dec 31, 2005
    risk 0.04cvss epss 0.12

    Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.

  • CVE-2005-2878Sep 13, 2005
    risk 0.04cvss epss 0.15

    Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.

  • CVE-2005-1520May 26, 2005
    risk 0.04cvss epss 0.07

    Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.

  • CVE-2005-1523May 26, 2005
    risk 0.04cvss epss 0.10

    Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.

  • CVE-2004-1488Apr 27, 2005
    risk 0.04cvss epss 0.12

    wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.

  • CVE-2004-1170Jan 10, 2005
    risk 0.04cvss epss 0.16

    a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.

  • CVE-2004-0354Nov 23, 2004
    risk 0.04cvss epss 0.16

    Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the…

  • CVE-2003-0795Dec 15, 2003
    risk 0.04cvss epss 0.08

    The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which…

  • CVE-2003-0853Nov 17, 2003
    risk 0.04cvss epss 0.10

    An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.

  • CVE-2003-0849Nov 17, 2003
    risk 0.04cvss epss 0.11

    Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

  • CVE-2003-0826Oct 6, 2003
    risk 0.04cvss epss 0.12

    lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.

  • CVE-2002-0388Jun 18, 2002
    risk 0.04cvss epss 0.06

    Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.

  • CVE-2001-0522Aug 14, 2001
    risk 0.04cvss epss 0.14

    Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.

  • CVE-2001-1022Jul 26, 2001
    risk 0.04cvss epss 0.11

    Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

  • CVE-1999-0041Feb 13, 1997
    risk 0.04cvss epss 0.09

    Buffer overflow in NLS (Natural Language Service).

  • CVE-2023-24626Apr 8, 2023
    risk 0.03cvss epss 0.01

    socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

  • CVE-2019-18862Nov 11, 2019
    risk 0.03cvss epss 0.01

    maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.

  • CVE-2015-3622May 12, 2015
    risk 0.03cvss epss 0.33

    The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

  • CVE-2012-3480Aug 25, 2012
    risk 0.03cvss epss 0.01

    Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary…

  • CVE-2012-1663Mar 13, 2012
    risk 0.03cvss epss 0.05

    Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

  • CVE-2011-0536Apr 8, 2011
    risk 0.03cvss epss 0.01

    Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted…

  • CVE-2010-0002Jan 14, 2010
    risk 0.03cvss epss 0.01

    The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a…

  • CVE-2009-1416Apr 30, 2009
    risk 0.03cvss epss 0.04

    lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

  • CVE-2008-5659Dec 17, 2008
    risk 0.03cvss epss 0.03

    The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as…

  • CVE-2008-2353May 20, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.

  • CVE-2007-5795Nov 2, 2007
    risk 0.03cvss epss 0.01

    The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a…

  • CVE-2007-3048Jun 5, 2007
    risk 0.03cvss epss 0.01

    GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue

  • CVE-2007-1263Mar 6, 2007
    risk 0.03cvss epss 0.05

    GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

  • CVE-2006-6719Dec 23, 2006
    risk 0.03cvss epss 0.04

    The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.

  • CVE-2006-0455Feb 15, 2006
    risk 0.03cvss epss 0.01

    gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. …

  • CVE-2006-0075Jan 4, 2006
    risk 0.03cvss epss 0.03

    Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.

  • CVE-2005-2397Jul 27, 2005
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter.

Page 9 of 23