Filtered by vendor Gnu
Subscriptions
Total
1222 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2808 | 2 Gnu, Yngve Svendsen | 2 Gnats, Gnatsweb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter. | ||||
| CVE-2007-3048 | 1 Gnu | 1 Screen | 2026-04-23 | N/A |
| GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue | ||||
| CVE-2006-4573 | 1 Gnu | 1 Screen | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. | ||||
| CVE-2006-7151 | 2 Gnu, Redhat | 2 Libtool-ltdl, Fedora Core | 2026-04-23 | N/A |
| Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories. | ||||
| CVE-2006-6939 | 1 Gnu | 1 Ed | 2026-04-23 | N/A |
| GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. | ||||
| CVE-2006-6719 | 1 Gnu | 1 Wget | 2026-04-23 | N/A |
| The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. | ||||
| CVE-2007-6109 | 1 Gnu | 1 Emacs | 2026-04-23 | N/A |
| Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line. | ||||
| CVE-2007-6130 | 1 Gnu | 1 Gnump3d | 2026-04-23 | N/A |
| gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | ||||
| CVE-2006-5864 | 1 Gnu | 1 Gv | 2026-04-23 | N/A |
| Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince. | ||||
| CVE-2006-4810 | 2 Gnu, Redhat | 2 Texinfo, Enterprise Linux | 2026-04-23 | N/A |
| Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | ||||
| CVE-2008-1948 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2026-04-23 | N/A |
| The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. | ||||
| CVE-2008-1949 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2026-04-23 | N/A |
| The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. | ||||
| CVE-2008-1950 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2026-04-23 | N/A |
| Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. | ||||
| CVE-2009-1390 | 3 Gnu, Mutt, Openssl | 3 Gnutls, Mutt, Openssl | 2026-04-23 | N/A |
| Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | ||||
| CVE-2006-4181 | 1 Gnu | 1 Radius | 2026-04-23 | N/A |
| Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2008-1687 | 1 Gnu | 1 M4 | 2026-04-23 | N/A |
| The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. | ||||
| CVE-2008-2377 | 1 Gnu | 1 Gnutls | 2026-04-23 | N/A |
| Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle. | ||||
| CVE-2009-4128 | 1 Gnu | 1 Grub 2 | 2026-04-23 | N/A |
| GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1. | ||||
| CVE-2007-4476 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Tar and 1 more | 2026-04-23 | N/A |
| Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | ||||
| CVE-2007-5795 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2026-04-23 | N/A |
| The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | ||||