Vulnerabilities (CVE)

Filtered by vendor Gnu Subscribe
Total 1065 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-2459 1 Gnu 1 Gnubiff 2023-12-10 2.1 LOW N/A
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.
CVE-2006-2941 1 Gnu 1 Mailman 2023-12-10 5.0 MEDIUM N/A
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".
CVE-2005-2960 2 Debian, Gnu 2 Debian Linux, Cfengine 2023-12-10 2.1 LOW N/A
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
CVE-2005-3573 1 Gnu 1 Mailman 2023-12-10 5.0 MEDIUM N/A
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
CVE-2005-2397 1 Gnu 1 Phpbook 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter.
CVE-2004-1184 4 Gnu, Redhat, Sgi and 1 more 4 Enscript, Fedora Core, Propack and 1 more 2023-12-10 4.6 MEDIUM N/A
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
CVE-2006-0075 1 Gnu 1 Phpbook 2023-12-10 7.5 HIGH N/A
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.
CVE-2005-1520 1 Gnu 1 Mailutils 2023-12-10 7.5 HIGH N/A
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.
CVE-2005-0988 7 Freebsd, Gentoo, Gnu and 4 more 13 Freebsd, Linux, Gzip and 10 more 2023-12-10 3.7 LOW N/A
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
CVE-2004-0968 2 Gnu, Redhat 3 Glibc, Enterprise Linux, Enterprise Linux Desktop 2023-12-10 2.1 LOW N/A
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
CVE-2005-1705 1 Gnu 1 Gdb 2023-12-10 7.2 HIGH N/A
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
CVE-2005-3355 1 Gnu 1 Gnump3d 2023-12-10 6.4 MEDIUM N/A
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
CVE-2005-1522 1 Gnu 1 Mailutils 2023-12-10 5.0 MEDIUM N/A
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.
CVE-2006-4624 1 Gnu 1 Mailman 2023-12-10 2.6 LOW N/A
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
CVE-2004-1185 1 Gnu 1 Enscript 2023-12-10 7.5 HIGH N/A
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
CVE-2004-1170 3 Gnu, Sun, Suse 3 A2ps, Java Desktop System, Suse Linux 2023-12-10 10.0 HIGH N/A
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
CVE-2005-0080 2 Gnu, Ubuntu 2 Mailman, Ubuntu Linux 2023-12-10 5.0 MEDIUM N/A
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.
CVE-2005-0990 1 Gnu 1 Sharutils 2023-12-10 2.1 LOW N/A
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
CVE-2006-3636 1 Gnu 1 Mailman 2023-12-10 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2000-0824 1 Gnu 1 Glibc 2023-12-10 7.2 HIGH N/A
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.