Filtered by vendor Gnu
Subscribe
Total
1141 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0707 | 1 Gnu | 1 Mailman | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message. | |||||
| CVE-2011-4355 | 1 Gnu | 1 Gdb | 2025-04-11 | 6.9 MEDIUM | N/A |
| GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. | |||||
| CVE-2012-4412 | 1 Gnu | 1 Glibc | 2025-04-11 | 7.5 HIGH | N/A |
| Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. | |||||
| CVE-2012-0864 | 1 Gnu | 1 Glibc | 2025-04-11 | 6.8 MEDIUM | N/A |
| Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. | |||||
| CVE-2010-4051 | 1 Gnu | 1 Glibc | 2025-04-11 | 5.0 MEDIUM | N/A |
| The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." | |||||
| CVE-2010-0624 | 1 Gnu | 2 Cpio, Tar | 2025-04-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. | |||||
| CVE-2012-3480 | 1 Gnu | 1 Glibc | 2025-04-11 | 4.6 MEDIUM | N/A |
| Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | |||||
| CVE-2009-2624 | 1 Gnu | 1 Gzip | 2025-04-11 | 6.8 MEDIUM | N/A |
| The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. | |||||
| CVE-2022-3715 | 2 Gnu, Redhat | 2 Bash, Enterprise Linux | 2025-04-10 | N/A | 7.8 HIGH |
| A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. | |||||
| CVE-2009-1416 | 1 Gnu | 1 Gnutls | 2025-04-09 | 7.5 HIGH | N/A |
| lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. | |||||
| CVE-2007-3741 | 2 Gnu, Mandriva | 2 Gimp, Linux | 2025-04-09 | 4.3 MEDIUM | N/A |
| The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. | |||||
| CVE-2008-5078 | 1 Gnu | 1 Escript | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename. | |||||
| CVE-2006-4573 | 1 Gnu | 1 Screen | 2025-04-09 | 2.6 LOW | N/A |
| Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. | |||||
| CVE-2007-6613 | 1 Gnu | 1 Libcdio | 2025-04-09 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name. | |||||
| CVE-2008-1946 | 1 Gnu | 1 Coreutils | 2025-04-09 | 4.4 MEDIUM | N/A |
| The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. | |||||
| CVE-2009-2409 | 3 Gnu, Mozilla, Openssl | 3 Gnutls, Network Security Services, Openssl | 2025-04-09 | 5.1 MEDIUM | N/A |
| The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | |||||
| CVE-2009-3736 | 1 Gnu | 1 Libtool | 2025-04-09 | 6.9 MEDIUM | N/A |
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2007-4131 | 3 Gnu, Redhat, Rpath | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. | |||||
| CVE-2008-1694 | 1 Gnu | 2 Emacs, Sccs | 2025-04-09 | 4.6 MEDIUM | N/A |
| vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2007-2808 | 2 Gnu, Yngve Svendsen | 2 Gnats, Gnatsweb | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter. | |||||