Filtered by vendor Gnu
Subscriptions
Total
1107 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-3011 | 2 Gnu, Redhat | 2 Texinfo, Enterprise Linux | 2025-04-03 | N/A |
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
CVE-2003-1232 | 1 Gnu | 1 Emacs | 2025-04-03 | N/A |
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. | ||||
CVE-2001-1301 | 2 Gnu, Xemacs | 2 Emacs, Xemacs | 2025-04-03 | N/A |
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. | ||||
CVE-2005-2960 | 2 Debian, Gnu | 2 Debian Linux, Cfengine | 2025-04-03 | N/A |
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | ||||
CVE-2001-0522 | 2 Gnu, Redhat | 2 Privacy Guard, Linux | 2025-04-03 | N/A |
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file. | ||||
CVE-1999-0150 | 1 Gnu | 1 Fingerd | 2025-04-03 | N/A |
The Perl fingerd program allows arbitrary command execution from remote users. | ||||
CVE-2003-0978 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | N/A |
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval. | ||||
CVE-2002-1146 | 2 Gnu, Redhat | 3 Glibc, Enterprise Linux, Linux | 2025-04-03 | N/A |
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). | ||||
CVE-2002-1344 | 3 Gnu, Redhat, Sun | 4 Wget, Enterprise Linux, Linux and 1 more | 2025-04-03 | N/A |
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences. | ||||
CVE-2005-2878 | 1 Gnu | 1 Mailutils | 2025-04-03 | N/A |
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. | ||||
CVE-2005-2397 | 1 Gnu | 1 Phpbook | 2025-04-03 | N/A |
Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter. | ||||
CVE-2000-0335 | 2 Gnu, Isc | 2 Glibc, Bind | 2025-04-03 | N/A |
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. | ||||
CVE-2005-1918 | 2 Gnu, Redhat | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-03 | N/A |
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | ||||
CVE-2003-0971 | 2 Gnu, Redhat | 3 Privacy Guard, Enterprise Linux, Linux | 2025-04-03 | N/A |
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. | ||||
CVE-2005-1705 | 2 Gnu, Redhat | 2 Gdb, Enterprise Linux | 2025-04-03 | N/A |
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. | ||||
CVE-2005-1704 | 2 Gnu, Redhat | 2 Gdb, Enterprise Linux | 2025-04-03 | N/A |
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. | ||||
CVE-2003-0965 | 2 Gnu, Redhat | 2 Mailman, Linux | 2025-04-03 | N/A |
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. | ||||
CVE-2002-0388 | 2 Gnu, Redhat | 5 Mailman, Enterprise Linux, Linux and 2 more | 2025-04-03 | N/A |
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. | ||||
CVE-2005-2541 | 1 Gnu | 1 Tar | 2025-04-03 | 7.0 High |
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. | ||||
CVE-2004-1184 | 4 Gnu, Redhat, Sgi and 1 more | 5 Enscript, Enterprise Linux, Fedora Core and 2 more | 2025-04-03 | N/A |
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. |