Filtered by vendor Gnu
Subscribe
Total
1120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1522 | 1 Gnu | 1 Mailutils | 2025-04-03 | 5.0 MEDIUM | N/A |
| The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | |||||
| CVE-2001-0072 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 5.0 MEDIUM | N/A |
| gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. | |||||
| CVE-2006-3636 | 1 Gnu | 1 Mailman | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2004-1485 | 2 Gnu, Tftp | 2 Inetutils, Tftp | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function. | |||||
| CVE-2004-1186 | 1 Gnu | 1 Enscript | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash). | |||||
| CVE-2002-0684 | 2 Gnu, Isc | 2 Glibc, Bind | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. | |||||
| CVE-2003-0854 | 2 Gnu, Washington University | 2 Fileutils, Wu-ftpd | 2025-04-03 | 2.1 LOW | N/A |
| ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. | |||||
| CVE-2004-1453 | 1 Gnu | 1 Glibc | 2025-04-03 | 2.1 LOW | N/A |
| GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. | |||||
| CVE-2002-1344 | 2 Gnu, Sun | 2 Wget, Cobalt Raq Xtr | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences. | |||||
| CVE-2000-0335 | 2 Gnu, Isc | 2 Glibc, Bind | 2025-04-03 | 7.5 HIGH | N/A |
| The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. | |||||
| CVE-1999-0612 | 2 Gnu, Microsoft | 4 Finger Service, Fingerd, Windows 2000 and 1 more | 2025-04-03 | N/A | N/A |
| A version of finger is running that exposes valid user information to any entity on the network. | |||||
| CVE-2006-2362 | 1 Gnu | 1 Binutils | 2025-04-03 | 7.5 HIGH | 7.3 HIGH |
| Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character. | |||||
| CVE-2004-1773 | 1 Gnu | 1 Sharutils | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar. | |||||
| CVE-2003-0965 | 1 Gnu | 1 Mailman | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. | |||||
| CVE-2004-0581 | 2 Gnu, Mandrakesoft | 3 Ksymoops, Mandrake Linux, Mandrake Linux Corporate Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp. | |||||
| CVE-2005-0080 | 2 Gnu, Ubuntu | 2 Mailman, Ubuntu Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. | |||||
| CVE-2005-1918 | 2 Gnu, Redhat | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-03 | 2.6 LOW | N/A |
| The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | |||||
| CVE-2005-1228 | 1 Gnu | 1 Gzip | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. | |||||
| CVE-2004-1772 | 1 Gnu | 1 Sharutils | 2025-04-03 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument. | |||||
| CVE-2003-0971 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 5.0 MEDIUM | N/A |
| GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. | |||||