Filtered by vendor Gnu
Total: 989 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8564 | 4 Canonical, Gnu, Opensuse and 1 more | 7 Ubuntu Linux, Gnutls, Opensuse and 4 more | 2018-10-30 | 5.0 MEDIUM | N/A |
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. | |||||
CVE-2016-6323 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Glibc, Opensuse | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. | |||||
CVE-2014-2524 | 4 Fedoraproject, Gnu, Mageia and 1 more | 4 Fedora, Readline, Mageia and 1 more | 2018-10-30 | 3.3 LOW | N/A |
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. | |||||
CVE-2001-1376 | 12 Ascend, Freeradius, Gnu and 9 more | 12 Radius, Freeradius, Radius and 9 more | 2018-10-30 | 7.5 HIGH | N/A |
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. | |||||
CVE-2001-1377 | 11 Freeradius, Gnu, Icradius and 8 more | 11 Freeradius, Radius, Icradius and 8 more | 2018-10-30 | 5.0 MEDIUM | N/A |
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2. | |||||
CVE-2018-16430 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2018-10-25 | 6.8 MEDIUM | 8.8 HIGH |
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. | |||||
CVE-2017-11112 | 1 Gnu | 1 Ncurses | 2018-10-21 | 5.0 MEDIUM | 7.5 HIGH |
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. | |||||
CVE-2017-13734 | 1 Gnu | 1 Ncurses | 2018-10-21 | 4.3 MEDIUM | 6.5 MEDIUM |
There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. | |||||
CVE-2006-0300 | 1 Gnu | 1 Tar | 2018-10-19 | 5.1 MEDIUM | N/A |
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. | |||||
CVE-2006-0049 | 1 Gnu | 1 Privacy Guard | 2018-10-19 | 5.0 MEDIUM | N/A |
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. | |||||
CVE-2006-0075 | 1 Gnu | 1 Phpbook | 2018-10-19 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file. | |||||
CVE-2005-3011 | 1 Gnu | 1 Texinfo | 2018-10-19 | 1.2 LOW | N/A |
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2005-1918 | 2 Gnu, Redhat | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2018-10-19 | 2.6 LOW | N/A |
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | |||||
CVE-2005-1704 | 1 Gnu | 1 Gdb | 2018-10-19 | 4.6 MEDIUM | N/A |
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. | |||||
CVE-2005-0100 | 1 Gnu | 2 Emacs, Xemacs | 2018-10-19 | 7.5 HIGH | N/A |
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. | |||||
CVE-2004-1185 | 1 Gnu | 1 Enscript | 2018-10-19 | 7.5 HIGH | N/A |
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames. | |||||
CVE-2004-1170 | 3 Gnu, Sun, Suse | 3 A2ps, Java Desktop System, Suse Linux | 2018-10-19 | 10.0 HIGH | N/A |
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. | |||||
CVE-2004-1184 | 4 Gnu, Redhat, Sgi and 1 more | 4 Enscript, Fedora Core, Propack and 1 more | 2018-10-19 | 4.6 MEDIUM | N/A |
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. | |||||
CVE-2004-1186 | 1 Gnu | 1 Enscript | 2018-10-19 | 5.0 MEDIUM | N/A |
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash). | |||||
CVE-2002-1344 | 2 Gnu, Sun | 2 Wget, Cobalt Raq Xtr | 2018-10-19 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences. | |||||