Filtered by vendor Gnu Subscriptions
Total 1107 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-3011 2 Gnu, Redhat 2 Texinfo, Enterprise Linux 2025-04-03 N/A
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2003-1232 1 Gnu 1 Emacs 2025-04-03 N/A
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
CVE-2001-1301 2 Gnu, Xemacs 2 Emacs, Xemacs 2025-04-03 N/A
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
CVE-2005-2960 2 Debian, Gnu 2 Debian Linux, Cfengine 2025-04-03 N/A
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
CVE-2001-0522 2 Gnu, Redhat 2 Privacy Guard, Linux 2025-04-03 N/A
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
CVE-1999-0150 1 Gnu 1 Fingerd 2025-04-03 N/A
The Perl fingerd program allows arbitrary command execution from remote users.
CVE-2003-0978 1 Gnu 1 Privacy Guard 2025-04-03 N/A
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
CVE-2002-1146 2 Gnu, Redhat 3 Glibc, Enterprise Linux, Linux 2025-04-03 N/A
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
CVE-2002-1344 3 Gnu, Redhat, Sun 4 Wget, Enterprise Linux, Linux and 1 more 2025-04-03 N/A
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.
CVE-2005-2878 1 Gnu 1 Mailutils 2025-04-03 N/A
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
CVE-2005-2397 1 Gnu 1 Phpbook 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter.
CVE-2000-0335 2 Gnu, Isc 2 Glibc, Bind 2025-04-03 N/A
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
CVE-2005-1918 2 Gnu, Redhat 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more 2025-04-03 N/A
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
CVE-2003-0971 2 Gnu, Redhat 3 Privacy Guard, Enterprise Linux, Linux 2025-04-03 N/A
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
CVE-2005-1705 2 Gnu, Redhat 2 Gdb, Enterprise Linux 2025-04-03 N/A
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
CVE-2005-1704 2 Gnu, Redhat 2 Gdb, Enterprise Linux 2025-04-03 N/A
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.
CVE-2003-0965 2 Gnu, Redhat 2 Mailman, Linux 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
CVE-2002-0388 2 Gnu, Redhat 5 Mailman, Enterprise Linux, Linux and 2 more 2025-04-03 N/A
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
CVE-2005-2541 1 Gnu 1 Tar 2025-04-03 7.0 High
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
CVE-2004-1184 4 Gnu, Redhat, Sgi and 1 more 5 Enscript, Enterprise Linux, Fedora Core and 2 more 2025-04-03 N/A
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.