Filtered by vendor Gnu
Subscriptions
Total
1164 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0455 | 2 Gnu, Redhat | 2 Privacy Guard, Enterprise Linux | 2025-04-03 | N/A |
| gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify". | ||||
| CVE-2003-0028 | 11 Cray, Freebsd, Gnu and 8 more | 15 Unicos, Freebsd, Glibc and 12 more | 2025-04-03 | N/A |
| Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | ||||
| CVE-2001-0884 | 2 Gnu, Redhat | 4 Mailman, Linux, Powertools and 1 more | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users. | ||||
| CVE-2004-0548 | 2 Gentoo, Gnu | 2 Linux, Aspell | 2025-04-03 | N/A |
| Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option. | ||||
| CVE-2005-1705 | 2 Gnu, Redhat | 2 Gdb, Enterprise Linux | 2025-04-03 | N/A |
| gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. | ||||
| CVE-2004-0555 | 1 Gnu | 1 Queue | 2025-04-03 | N/A |
| Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code. | ||||
| CVE-2002-1344 | 3 Gnu, Redhat, Sun | 4 Wget, Enterprise Linux, Linux and 1 more | 2025-04-03 | N/A |
| Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences. | ||||
| CVE-2004-0354 | 1 Gnu | 1 Anubis | 2025-04-03 | N/A |
| Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c. | ||||
| CVE-2004-0576 | 1 Gnu | 1 Radius | 2025-04-03 | N/A |
| The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID. | ||||
| CVE-2005-2180 | 1 Gnu | 1 Gnats | 2025-04-03 | N/A |
| gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. | ||||
| CVE-1999-0402 | 1 Gnu | 1 Wget | 2025-04-03 | N/A |
| wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. | ||||
| CVE-2004-1349 | 2 Gnu, Oracle | 2 Gzip, Solaris | 2025-04-03 | N/A |
| gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. | ||||
| CVE-2004-0422 | 2 Gnu, Redhat | 2 Flim, Enterprise Linux | 2025-04-03 | N/A |
| flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack. | ||||
| CVE-2005-1824 | 1 Gnu | 1 Mailutils | 2025-04-03 | N/A |
| The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. | ||||
| CVE-2005-1522 | 1 Gnu | 1 Mailutils | 2025-04-03 | N/A |
| The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | ||||
| CVE-2005-1521 | 1 Gnu | 1 Mailutils | 2025-04-03 | N/A |
| Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow. | ||||
| CVE-2004-0603 | 1 Gnu | 1 Gzip | 2025-04-03 | N/A |
| gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. | ||||
| CVE-2006-0075 | 1 Gnu | 1 Phpbook | 2025-04-03 | N/A |
| Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file. | ||||
| CVE-1999-0491 | 1 Gnu | 1 Bash | 2025-04-03 | N/A |
| The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. | ||||
| CVE-2004-1773 | 2 Gnu, Redhat | 2 Sharutils, Enterprise Linux | 2025-04-03 | N/A |
| Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar. | ||||