Filtered by vendor Gnu
Total: 378 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1267 | 1 Gnu | 1 Tar | 2023-12-10 | 2.1 LOW | N/A |
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). | |||||
CVE-2002-1216 | 1 Gnu | 1 Tar | 2023-12-10 | 5.0 MEDIUM | N/A |
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. | |||||
CVE-2003-0826 | 1 Gnu | 1 Lsh | 2023-12-10 | 7.5 HIGH | N/A |
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack. | |||||
CVE-2002-0178 | 1 Gnu | 1 Sharutils | 2023-12-10 | 7.2 HIGH | N/A |
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. | |||||
CVE-2000-0861 | 1 Gnu | 1 Mailman | 2023-12-10 | 7.2 HIGH | N/A |
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. | |||||
CVE-2003-0859 | 5 Gnu, Intel, Quagga and 2 more | 7 Glibc, Zebra, Ia64 and 4 more | 2023-12-10 | 4.9 MEDIUM | N/A |
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||
CVE-1999-0719 | 1 Gnu | 1 Gnumeric | 2023-12-10 | 4.6 MEDIUM | N/A |
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code. | |||||
CVE-2001-0072 | 1 Gnu | 1 Privacy Guard | 2023-12-10 | 5.0 MEDIUM | N/A |
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. | |||||
CVE-2001-1022 | 2 Gnu, Jgroff | 2 Groff, Jgroff | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command. | |||||
CVE-2000-0963 | 4 Freebsd, Gnu, Immunix and 1 more | 4 Freebsd, Ncurses, Immunix and 1 more | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. | |||||
CVE-1999-0612 | 2 Gnu, Microsoft | 4 Finger Service, Fingerd, Windows 2000 and 1 more | 2023-12-10 | N/A | N/A |
A version of finger is running that exposes valid user information to any entity on the network. | |||||
CVE-2004-1773 | 1 Gnu | 1 Sharutils | 2023-12-10 | 7.5 HIGH | N/A |
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar. | |||||
CVE-1999-0491 | 1 Gnu | 1 Bash | 2023-12-10 | 4.6 MEDIUM | N/A |
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. | |||||
CVE-2004-1453 | 1 Gnu | 1 Glibc | 2023-12-10 | 2.1 LOW | N/A |
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. | |||||
CVE-1999-0016 | 6 Cisco, Gnu, Hp and 3 more | 8 Ios, Inet, Hp-ux and 5 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Land IP denial of service. | |||||
CVE-2002-2099 | 1 Gnu | 1 Data Display Debugger | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE. | |||||
CVE-2003-1232 | 1 Gnu | 1 Emacs | 2023-12-10 | 5.1 MEDIUM | N/A |
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. | |||||
CVE-1999-0402 | 1 Gnu | 1 Wget | 2023-12-10 | 5.0 MEDIUM | N/A |
wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. | |||||
CVE-2003-0992 | 1 Gnu | 1 Mailman | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. | |||||
CVE-2004-0603 | 1 Gnu | 1 Gzip | 2023-12-10 | 10.0 HIGH | N/A |
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. |