Filtered by vendor Gnu
Subscribe
Total
1096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2162 | 2 Gnu, Mozilla | 2 Iceweasel, Firefox | 2025-04-09 | 7.8 HIGH | N/A |
| (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
| CVE-2009-4128 | 1 Gnu | 1 Grub 2 | 2025-04-09 | 7.2 HIGH | N/A |
| GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1. | |||||
| CVE-2007-5795 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2025-04-09 | 6.3 MEDIUM | N/A |
| The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | |||||
| CVE-2008-1950 | 1 Gnu | 1 Gnutls | 2025-04-09 | 5.0 MEDIUM | N/A |
| Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. | |||||
| CVE-2008-4100 | 1 Gnu | 1 Adns | 2025-04-09 | 6.4 MEDIUM | N/A |
| GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment. | |||||
| CVE-2008-1687 | 1 Gnu | 1 M4 | 2025-04-09 | 7.5 HIGH | N/A |
| The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. | |||||
| CVE-2006-4810 | 1 Gnu | 1 Texinfo | 2025-04-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | |||||
| CVE-2007-2833 | 3 Debian, Gnu, Mandrakesoft | 4 Debian Linux, Emacs, Mandrake Linux and 1 more | 2025-04-09 | 7.8 HIGH | N/A |
| Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | |||||
| CVE-2008-1948 | 1 Gnu | 1 Gnutls | 2025-04-09 | 10.0 HIGH | N/A |
| The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. | |||||
| CVE-2010-0015 | 1 Gnu | 1 Glibc | 2025-04-09 | 7.5 HIGH | N/A |
| nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. | |||||
| CVE-2009-2730 | 1 Gnu | 1 Gnutls | 2025-04-09 | 7.5 HIGH | N/A |
| libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
| CVE-2009-4029 | 1 Gnu | 1 Automake | 2025-04-09 | 4.4 MEDIUM | N/A |
| The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. | |||||
| CVE-2007-3048 | 1 Gnu | 1 Screen | 2025-04-09 | 7.2 HIGH | N/A |
| GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue | |||||
| CVE-2009-1390 | 3 Gnu, Mutt, Openssl | 3 Gnutls, Mutt, Openssl | 2025-04-09 | 6.8 MEDIUM | N/A |
| Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | |||||
| CVE-2006-4573 | 1 Gnu | 1 Screen | 2025-04-09 | 2.6 LOW | N/A |
| Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. | |||||
| CVE-2008-1946 | 1 Gnu | 1 Coreutils | 2025-04-09 | 4.4 MEDIUM | N/A |
| The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. | |||||
| CVE-2009-1416 | 1 Gnu | 1 Gnutls | 2025-04-09 | 7.5 HIGH | N/A |
| lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. | |||||
| CVE-2009-2409 | 3 Gnu, Mozilla, Openssl | 3 Gnutls, Network Security Services, Openssl | 2025-04-09 | 5.1 MEDIUM | N/A |
| The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | |||||
| CVE-2007-4476 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Tar | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | |||||
| CVE-2007-2452 | 1 Gnu | 1 Findutils | 2025-04-09 | 6.0 MEDIUM | N/A |
| Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036. | |||||