Filtered by vendor Gnu
Subscribe
Total
1065 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2941 | 1 Gnu | 1 Mailman | 2024-02-28 | 5.0 MEDIUM | N/A |
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". | |||||
CVE-2006-4146 | 1 Gnu | 1 Gdb | 2024-02-28 | 5.1 MEDIUM | N/A |
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. | |||||
CVE-2005-1918 | 2 Gnu, Redhat | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2024-02-28 | 2.6 LOW | N/A |
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | |||||
CVE-2005-0202 | 1 Gnu | 1 Mailman | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. | |||||
CVE-2005-1229 | 1 Gnu | 1 Cpio | 2024-02-28 | 4.6 MEDIUM | N/A |
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. | |||||
CVE-2004-0968 | 2 Gnu, Redhat | 3 Glibc, Enterprise Linux, Enterprise Linux Desktop | 2024-02-28 | 2.1 LOW | N/A |
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2005-3425 | 1 Gnu | 1 Gnump3d | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. | |||||
CVE-2005-1705 | 1 Gnu | 1 Gdb | 2024-02-28 | 7.2 HIGH | N/A |
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. | |||||
CVE-2005-1704 | 1 Gnu | 1 Gdb | 2024-02-28 | 4.6 MEDIUM | N/A |
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. | |||||
CVE-2005-3355 | 1 Gnu | 1 Gnump3d | 2024-02-28 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". | |||||
CVE-2004-0969 | 3 Gentoo, Gnu, Ubuntu | 3 Linux, Groff, Ubuntu Linux | 2024-02-28 | 2.1 LOW | N/A |
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2004-1487 | 1 Gnu | 1 Wget | 2024-02-28 | 5.0 MEDIUM | N/A |
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. | |||||
CVE-2005-0080 | 2 Gnu, Ubuntu | 2 Mailman, Ubuntu Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. | |||||
CVE-2006-2362 | 1 Gnu | 1 Binutils | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character. | |||||
CVE-2006-0353 | 1 Gnu | 1 Lsh | 2024-02-28 | 3.6 LOW | N/A |
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys. | |||||
CVE-2004-1170 | 3 Gnu, Sun, Suse | 3 A2ps, Java Desktop System, Suse Linux | 2024-02-28 | 10.0 HIGH | N/A |
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. | |||||
CVE-2005-1824 | 1 Gnu | 1 Mailutils | 2024-02-28 | 7.5 HIGH | N/A |
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. | |||||
CVE-2002-0399 | 1 Gnu | 1 Tar | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. | |||||
CVE-2001-1376 | 12 Ascend, Freeradius, Gnu and 9 more | 12 Radius, Freeradius, Radius and 9 more | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. | |||||
CVE-1999-0035 | 2 Gnu, Sgi | 2 Inet, Irix | 2024-02-28 | 5.1 MEDIUM | N/A |
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. |