Filtered by vendor Gnu
Subscriptions
Total
1065 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-2056 | 1 Gnu | 1 Gv | 2010-07-22 | N/A |
GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | ||||
CVE-2010-1161 | 1 Gnu | 1 Nano | 2010-06-07 | N/A |
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. | ||||
CVE-2010-1160 | 1 Gnu | 1 Nano | 2010-06-07 | N/A |
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. | ||||
CVE-2001-1267 | 1 Gnu | 1 Tar | 2010-05-21 | N/A |
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). | ||||
CVE-2002-0388 | 1 Gnu | 1 Mailman | 2009-07-21 | N/A |
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. | ||||
CVE-2009-1416 | 1 Gnu | 1 Gnutls | 2009-06-10 | N/A |
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. | ||||
CVE-1999-0016 | 6 Cisco, Gnu, Hp and 3 more | 8 Ios, Inet, Hp-ux and 5 more | 2009-03-02 | N/A |
Land IP denial of service. | ||||
CVE-2003-0853 | 2 Gnu, Washington University | 2 Fileutils, Wu-ftpd | 2008-09-10 | N/A |
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. | ||||
CVE-2002-1146 | 1 Gnu | 1 Glibc | 2008-09-10 | N/A |
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). | ||||
CVE-2001-1228 | 1 Gnu | 1 Gzip | 2008-09-10 | N/A |
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. | ||||
CVE-2000-0335 | 2 Gnu, Isc | 2 Glibc, Bind | 2008-09-10 | N/A |
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. | ||||
CVE-2000-0151 | 1 Gnu | 1 Make | 2008-09-10 | N/A |
GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. | ||||
CVE-1999-0719 | 1 Gnu | 1 Gnumeric | 2008-09-09 | N/A |
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code. | ||||
CVE-2007-2833 | 3 Debian, Gnu, Mandrakesoft | 4 Debian Linux, Emacs, Mandrake Linux and 1 more | 2008-09-05 | N/A |
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | ||||
CVE-2005-3425 | 1 Gnu | 1 Gnump3d | 2008-09-05 | N/A |
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. | ||||
CVE-2005-1824 | 1 Gnu | 1 Mailutils | 2008-09-05 | N/A |
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. | ||||
CVE-2005-1523 | 1 Gnu | 1 Mailutils | 2008-09-05 | N/A |
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. | ||||
CVE-2005-1522 | 1 Gnu | 1 Mailutils | 2008-09-05 | N/A |
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | ||||
CVE-2005-1521 | 1 Gnu | 1 Mailutils | 2008-09-05 | N/A |
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow. | ||||
CVE-2005-1520 | 1 Gnu | 1 Mailutils | 2008-09-05 | N/A |
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail. |