Filtered by vendor Gnu
Subscribe
Total
1065 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2808 | 2 Gnu, Yngve Svendsen | 2 Gnats, Gnatsweb | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter. | |||||
CVE-2007-2500 | 1 Gnu | 1 Flash Player | 2024-02-28 | 10.0 HIGH | N/A |
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow. | |||||
CVE-2006-6939 | 1 Gnu | 1 Ed | 2024-02-28 | 4.6 MEDIUM | N/A |
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. | |||||
CVE-2006-6235 | 6 Gnu, Gpg4win, Redhat and 3 more | 9 Privacy Guard, Gpg4win, Enterprise Linux and 6 more | 2024-02-28 | 10.0 HIGH | N/A |
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. | |||||
CVE-2007-1263 | 2 Gnu, Gnupg | 2 Gpgme, Gnupg | 2024-02-28 | 5.0 MEDIUM | N/A |
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. | |||||
CVE-2007-1269 | 1 Gnu | 1 Gnumail | 2024-02-28 | 5.0 MEDIUM | N/A |
GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
CVE-2007-4476 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Tar | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | |||||
CVE-2007-6130 | 1 Gnu | 1 Gnump3d | 2024-02-28 | 5.0 MEDIUM | N/A |
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | |||||
CVE-2007-3741 | 2 Gnu, Mandriva | 2 Gimp, Linux | 2024-02-28 | 4.3 MEDIUM | N/A |
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. | |||||
CVE-2006-7151 | 2 Gnu, Redhat | 2 Libtool-ltdl, Fedora Core | 2024-02-28 | 6.6 MEDIUM | N/A |
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories. | |||||
CVE-2007-5795 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2024-02-28 | 6.3 MEDIUM | N/A |
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | |||||
CVE-2007-5377 | 1 Gnu | 1 Tramp | 2024-02-28 | 6.9 MEDIUM | N/A |
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2007-2833 | 3 Debian, Gnu, Mandrakesoft | 4 Debian Linux, Emacs, Mandrake Linux and 1 more | 2024-02-28 | 7.8 HIGH | N/A |
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | |||||
CVE-2006-4810 | 1 Gnu | 1 Texinfo | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | |||||
CVE-2004-0966 | 2 Gnu, Ubuntu | 2 Gettext, Ubuntu Linux | 2024-02-28 | 2.1 LOW | N/A |
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2005-2878 | 1 Gnu | 1 Mailutils | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. | |||||
CVE-2006-0049 | 1 Gnu | 1 Privacy Guard | 2024-02-28 | 5.0 MEDIUM | N/A |
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. | |||||
CVE-2006-1712 | 1 Gnu | 1 Mailman | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. | |||||
CVE-2005-2960 | 2 Debian, Gnu | 2 Debian Linux, Cfengine | 2024-02-28 | 2.1 LOW | N/A |
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | |||||
CVE-2004-0970 | 1 Gnu | 1 Gzip | 2024-02-28 | 2.1 LOW | N/A |
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. |