Filtered by vendor Gnu
Total: 1065 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0991 | 2 Gnu, Sgi | 2 Mailman, Propack | 2023-12-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. | |||||
CVE-2003-0965 | 1 Gnu | 1 Mailman | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. | |||||
CVE-2002-0062 | 5 Debian, Freebsd, Gnu and 2 more | 5 Debian Linux, Freebsd, Ncurses and 2 more | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." | |||||
CVE-2004-0131 | 1 Gnu | 1 Radius | 2023-12-10 | 5.0 MEDIUM | N/A |
The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. | |||||
CVE-2000-1137 | 1 Gnu | 1 Ed | 2023-12-10 | 4.6 MEDIUM | N/A |
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. | |||||
CVE-2004-1382 | 1 Gnu | 1 Glibc | 2023-12-10 | 2.1 LOW | N/A |
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. | |||||
CVE-2000-0803 | 1 Gnu | 1 Groff | 2023-12-10 | 10.0 HIGH | N/A |
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff. | |||||
CVE-2004-1186 | 1 Gnu | 1 Enscript | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash). | |||||
CVE-2002-0855 | 1 Gnu | 1 Mailman | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. | |||||
CVE-2004-1772 | 1 Gnu | 1 Sharutils | 2023-12-10 | 4.6 MEDIUM | N/A |
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument. | |||||
CVE-2003-0795 | 3 Gnu, Quagga, Sgi | 3 Zebra, Quagga, Propack | 2023-12-10 | 5.0 MEDIUM | N/A |
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. | |||||
CVE-1999-0017 | 9 Caldera, Freebsd, Gnu and 6 more | 11 Openlinux, Freebsd, Inet and 8 more | 2023-12-10 | 7.5 HIGH | N/A |
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | |||||
CVE-2003-0858 | 2 Gnu, Quagga | 2 Zebra, Quagga Routing Software Suite | 2023-12-10 | 2.1 LOW | N/A |
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||
CVE-2004-1349 | 2 Gnu, Oracle | 2 Gzip, Solaris | 2023-12-10 | 2.1 LOW | N/A |
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. | |||||
CVE-1999-1383 | 2 Gnu, Tcsh | 2 Bash, Tcsh | 2023-12-10 | 4.6 MEDIUM | N/A |
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. | |||||
CVE-2004-0182 | 1 Gnu | 1 Mailman | 2023-12-10 | 5.0 MEDIUM | N/A |
Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field. | |||||
CVE-1999-1165 | 1 Gnu | 1 Fingerd | 2023-12-10 | 7.2 HIGH | N/A |
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. | |||||
CVE-2003-0971 | 1 Gnu | 1 Privacy Guard | 2023-12-10 | 5.0 MEDIUM | N/A |
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. | |||||
CVE-2000-0959 | 1 Gnu | 1 Glibc | 2023-12-10 | 1.2 LOW | N/A |
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. | |||||
CVE-2002-1146 | 1 Gnu | 1 Glibc | 2023-12-10 | 5.0 MEDIUM | N/A |
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). |