Filtered by vendor Gnu
Subscribe
Total
1065 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0028 | 10 Cray, Freebsd, Gnu and 7 more | 13 Unicos, Freebsd, Glibc and 10 more | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | |||||
CVE-2002-0044 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Enscript, Linux | 2023-12-10 | 3.6 LOW | N/A |
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. | |||||
CVE-2004-1377 | 2 Gnu, Turbolinux | 4 A2ps, Turbolinux Home, Turbolinux Server and 1 more | 2023-12-10 | 2.1 LOW | N/A |
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2004-0256 | 1 Gnu | 1 Libtool | 2023-12-10 | 2.1 LOW | N/A |
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp. | |||||
CVE-2001-1132 | 1 Gnu | 1 Mailman | 2023-12-10 | 7.5 HIGH | N/A |
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication. | |||||
CVE-2004-0422 | 1 Gnu | 1 Flim | 2023-12-10 | 2.1 LOW | N/A |
flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack. | |||||
CVE-2003-0978 | 1 Gnu | 1 Privacy Guard | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval. | |||||
CVE-2004-0548 | 2 Gentoo, Gnu | 2 Linux, Aspell | 2023-12-10 | 7.2 HIGH | N/A |
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option. | |||||
CVE-2004-1337 | 3 Conectiva, Gnu, Ubuntu | 3 Linux, Realtime Linux Security Module, Ubuntu Linux | 2023-12-10 | 7.2 HIGH | N/A |
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges. | |||||
CVE-2001-1377 | 11 Freeradius, Gnu, Icradius and 8 more | 11 Freeradius, Radius, Icradius and 8 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2. | |||||
CVE-2004-2093 | 1 Gnu | 1 Rsync | 2023-12-10 | 4.6 MEDIUM | N/A |
Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future. | |||||
CVE-2001-0522 | 1 Gnu | 1 Privacy Guard | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file. | |||||
CVE-1999-0041 | 5 Cray, Gnu, Ibm and 2 more | 6 Unicos, Unicos Max, Libc and 3 more | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in NLS (Natural Language Service). | |||||
CVE-2001-0071 | 1 Gnu | 1 Privacy Guard | 2023-12-10 | 2.1 LOW | N/A |
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection. | |||||
CVE-2000-0786 | 1 Gnu | 1 Userv | 2023-12-10 | 4.6 MEDIUM | N/A |
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions. | |||||
CVE-2003-0255 | 1 Gnu | 1 Privacy Guard | 2023-12-10 | 10.0 HIGH | N/A |
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. | |||||
CVE-2004-0984 | 1 Gnu | 1 Mailutils | 2023-12-10 | 7.2 HIGH | N/A |
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges. | |||||
CVE-2000-1219 | 1 Gnu | 2 G\+\+, Gcc | 2023-12-10 | 7.5 HIGH | N/A |
The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. | |||||
CVE-2004-1143 | 1 Gnu | 1 Mailman | 2023-12-10 | 7.5 HIGH | N/A |
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | |||||
CVE-2001-1036 | 2 Gnu, Slackware | 2 Findutils, Slackware Linux | 2023-12-10 | 7.2 HIGH | N/A |
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. |