Filtered by vendor Gnu
Subscribe
Total
1065 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1184 | 4 Gnu, Redhat, Sgi and 1 more | 4 Enscript, Fedora Core, Propack and 1 more | 2024-02-28 | 4.6 MEDIUM | N/A |
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. | |||||
CVE-2005-3123 | 1 Gnu | 1 Gnump3d | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. | |||||
CVE-2005-1522 | 1 Gnu | 1 Mailutils | 2024-02-28 | 5.0 MEDIUM | N/A |
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | |||||
CVE-2004-1488 | 1 Gnu | 1 Wget | 2024-02-28 | 5.0 MEDIUM | N/A |
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. | |||||
CVE-2004-2459 | 1 Gnu | 1 Gnubiff | 2024-02-28 | 2.1 LOW | N/A |
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table. | |||||
CVE-2005-1521 | 1 Gnu | 1 Mailutils | 2024-02-28 | 7.5 HIGH | N/A |
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow. | |||||
CVE-2005-1111 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Cpio | 2024-02-28 | 3.7 LOW | 4.7 MEDIUM |
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | |||||
CVE-2005-1520 | 1 Gnu | 1 Mailutils | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail. | |||||
CVE-2005-2180 | 1 Gnu | 1 Gnats | 2024-02-28 | 2.1 LOW | N/A |
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. | |||||
CVE-2005-0988 | 7 Freebsd, Gentoo, Gnu and 4 more | 13 Freebsd, Linux, Gzip and 10 more | 2024-02-28 | 3.7 LOW | N/A |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | |||||
CVE-2005-3573 | 1 Gnu | 1 Mailman | 2024-02-28 | 5.0 MEDIUM | N/A |
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | |||||
CVE-2006-0075 | 1 Gnu | 1 Phpbook | 2024-02-28 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file. | |||||
CVE-2005-1523 | 1 Gnu | 1 Mailutils | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. | |||||
CVE-2004-2460 | 1 Gnu | 1 Gnubiff | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list. | |||||
CVE-2005-2541 | 1 Gnu | 1 Tar | 2024-02-28 | 10.0 HIGH | N/A |
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. | |||||
CVE-2005-4153 | 1 Gnu | 1 Mailman | 2024-02-28 | 7.8 HIGH | N/A |
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. | |||||
CVE-2005-1039 | 1 Gnu | 1 Coreutils | 2024-02-28 | 3.7 LOW | N/A |
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. | |||||
CVE-2005-4807 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2024-02-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. | |||||
CVE-2006-1902 | 1 Gnu | 1 Gcc | 2024-02-28 | 2.1 LOW | N/A |
fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." | |||||
CVE-2005-1431 | 1 Gnu | 1 Gnutls | 2024-02-28 | 5.0 MEDIUM | N/A |
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. |