Filtered by vendor Gnu
Subscribe
Total
1065 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-5081 | 1 Gnu | 1 Groff | 2023-12-10 | 3.3 LOW | N/A |
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. | |||||
CVE-2010-3856 | 1 Gnu | 1 Glibc | 2023-12-10 | 7.2 HIGH | N/A |
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | |||||
CVE-2010-0296 | 1 Gnu | 1 Glibc | 2023-12-10 | 7.2 HIGH | N/A |
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. | |||||
CVE-2010-0624 | 1 Gnu | 2 Cpio, Tar | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. | |||||
CVE-2010-0731 | 1 Gnu | 1 Gnutls | 2023-12-10 | 7.5 HIGH | N/A |
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. | |||||
CVE-2010-1160 | 1 Gnu | 1 Nano | 2023-12-10 | 1.9 LOW | N/A |
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. | |||||
CVE-2011-1095 | 1 Gnu | 1 Glibc | 2023-12-10 | 6.2 MEDIUM | N/A |
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. | |||||
CVE-2006-7239 | 1 Gnu | 1 Gnutls | 2023-12-10 | 5.0 MEDIUM | N/A |
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. | |||||
CVE-2009-2624 | 1 Gnu | 1 Gzip | 2023-12-10 | 6.8 MEDIUM | N/A |
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. | |||||
CVE-2009-5080 | 1 Gnu | 1 Groff | 2023-12-10 | 3.3 LOW | N/A |
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. | |||||
CVE-2010-1161 | 1 Gnu | 1 Nano | 2023-12-10 | 3.7 LOW | N/A |
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. | |||||
CVE-2011-4128 | 1 Gnu | 1 Gnutls | 2023-12-10 | 4.3 MEDIUM | N/A |
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. | |||||
CVE-2010-4651 | 1 Gnu | 1 Gnu Patch | 2023-12-10 | 5.8 MEDIUM | N/A |
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679. | |||||
CVE-2010-4051 | 1 Gnu | 1 Glibc | 2023-12-10 | 5.0 MEDIUM | N/A |
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." | |||||
CVE-2010-0001 | 1 Gnu | 1 Gzip | 2023-12-10 | 6.8 MEDIUM | N/A |
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. | |||||
CVE-2009-5079 | 1 Gnu | 1 Groff | 2023-12-10 | 3.3 LOW | N/A |
The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. | |||||
CVE-2010-0002 | 1 Gnu | 1 Bash | 2023-12-10 | 2.1 LOW | N/A |
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename. | |||||
CVE-2010-3192 | 1 Gnu | 1 Glibc | 2023-12-10 | 5.0 MEDIUM | N/A |
Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. | |||||
CVE-2010-2252 | 1 Gnu | 1 Wget | 2023-12-10 | 6.8 MEDIUM | N/A |
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | |||||
CVE-2011-1089 | 1 Gnu | 1 Glibc | 2023-12-10 | 3.3 LOW | N/A |
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. |