Filtered by vendor Gnu
Subscribe
Total
1079 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3771 | 1 Gnu | 1 Phpbook | 2025-04-11 | 5.0 MEDIUM | N/A |
| phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files. | |||||
| CVE-2010-3847 | 1 Gnu | 1 Glibc | 2025-04-11 | 6.9 MEDIUM | N/A |
| elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | |||||
| CVE-2010-0830 | 1 Gnu | 1 Glibc | 2025-04-11 | 5.1 MEDIUM | N/A |
| Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. | |||||
| CVE-2010-3192 | 1 Gnu | 1 Glibc | 2025-04-11 | 5.0 MEDIUM | N/A |
| Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. | |||||
| CVE-2012-3404 | 3 Canonical, Gnu, Redhat | 4 Ubuntu Linux, Glibc, Enterprise Linux and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. | |||||
| CVE-2012-1175 | 1 Gnu | 1 Gnash | 2025-04-11 | 6.8 MEDIUM | N/A |
| Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow. | |||||
| CVE-2013-4466 | 1 Gnu | 1 Gnutls | 2025-04-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. | |||||
| CVE-2012-3479 | 1 Gnu | 1 Emacs | 2025-04-11 | 6.8 MEDIUM | N/A |
| lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. | |||||
| CVE-2011-5024 | 1 Gnu | 1 Mailman | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter. | |||||
| CVE-2010-3089 | 1 Gnu | 1 Mailman | 2025-04-11 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field. | |||||
| CVE-2009-4881 | 1 Gnu | 1 Glibc | 2025-04-11 | 5.0 MEDIUM | N/A |
| Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. | |||||
| CVE-2010-0731 | 1 Gnu | 1 Gnutls | 2025-04-11 | 7.5 HIGH | N/A |
| The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. | |||||
| CVE-2009-5064 | 1 Gnu | 1 Glibc | 2025-04-11 | 6.9 MEDIUM | N/A |
| ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc. | |||||
| CVE-2013-2207 | 2 Fedoraproject, Gnu | 2 Fedora, Glibc | 2025-04-11 | 2.6 LOW | N/A |
| pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. | |||||
| CVE-2011-1089 | 1 Gnu | 1 Glibc | 2025-04-11 | 3.3 LOW | N/A |
| The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. | |||||
| CVE-2012-1573 | 1 Gnu | 1 Gnutls | 2025-04-11 | 5.0 MEDIUM | N/A |
| gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. | |||||
| CVE-2009-5078 | 2 Apple, Gnu | 2 Mac Os X, Groff | 2025-04-11 | 6.4 MEDIUM | 6.5 MEDIUM |
| contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. | |||||
| CVE-2012-1103 | 2 Gnu, Notmuchmail | 2 Emacs, Notmuch | 2025-04-11 | 4.3 MEDIUM | N/A |
| emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message. | |||||
| CVE-2013-7038 | 1 Gnu | 1 Libmicrohttpd | 2025-04-11 | 6.4 MEDIUM | N/A |
| The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. | |||||
| CVE-2013-4237 | 1 Gnu | 1 Glibc | 2025-04-11 | 6.8 MEDIUM | N/A |
| sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. | |||||