Filtered by vendor Gnu
Subscribe
Total
1100 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0858 | 2 Gnu, Quagga | 2 Zebra, Quagga Routing Software Suite | 2025-04-03 | 2.1 LOW | N/A |
| Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||
| CVE-2004-0131 | 1 Gnu | 1 Radius | 2025-04-03 | 5.0 MEDIUM | N/A |
| The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. | |||||
| CVE-2006-0455 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 4.6 MEDIUM | N/A |
| gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify". | |||||
| CVE-2004-1177 | 1 Gnu | 1 Mailman | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. | |||||
| CVE-2003-0826 | 1 Gnu | 1 Lsh | 2025-04-03 | 7.5 HIGH | N/A |
| lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack. | |||||
| CVE-1999-0719 | 1 Gnu | 1 Gnumeric | 2025-04-03 | 4.6 MEDIUM | N/A |
| The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code. | |||||
| CVE-2006-4146 | 1 Gnu | 1 Gdb | 2025-04-03 | 5.1 MEDIUM | N/A |
| Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. | |||||
| CVE-2001-0884 | 1 Gnu | 1 Mailman | 2025-04-03 | 5.1 MEDIUM | N/A |
| Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users. | |||||
| CVE-2000-0786 | 1 Gnu | 1 Userv | 2025-04-03 | 4.6 MEDIUM | N/A |
| GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions. | |||||
| CVE-2006-2941 | 1 Gnu | 1 Mailman | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". | |||||
| CVE-2004-0970 | 1 Gnu | 1 Gzip | 2025-04-03 | 2.1 LOW | N/A |
| The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. | |||||
| CVE-2004-1485 | 2 Gnu, Tftp | 2 Inetutils, Tftp | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function. | |||||
| CVE-2003-0853 | 2 Gnu, Washington University | 2 Fileutils, Wu-ftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. | |||||
| CVE-2000-1137 | 1 Gnu | 1 Ed | 2025-04-03 | 4.6 MEDIUM | N/A |
| GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. | |||||
| CVE-2004-0603 | 1 Gnu | 1 Gzip | 2025-04-03 | 10.0 HIGH | N/A |
| gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. | |||||
| CVE-2004-2264 | 1 Gnu | 1 Less | 2025-04-03 | 6.4 MEDIUM | N/A |
| Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed | |||||
| CVE-2004-1772 | 1 Gnu | 1 Sharutils | 2025-04-03 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument. | |||||
| CVE-2005-1918 | 2 Gnu, Redhat | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-03 | 2.6 LOW | N/A |
| The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | |||||
| CVE-2000-0963 | 4 Freebsd, Gnu, Immunix and 1 more | 4 Freebsd, Ncurses, Immunix and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. | |||||
| CVE-2005-0100 | 1 Gnu | 2 Emacs, Xemacs | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. | |||||