Filtered by vendor Gnu
Total: 989 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1000383 | 1 Gnu | 1 Emacs | 2017-11-27 | 2.1 LOW | 5.5 MEDIUM |
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. | |||||
CVE-2011-5320 | 1 Gnu | 1 Glibc | 2017-11-08 | 2.1 LOW | 6.2 MEDIUM |
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s. | |||||
CVE-2016-10325 | 1 Gnu | 1 Osip | 2017-11-03 | 5.0 MEDIUM | 7.5 HIGH |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS. | |||||
CVE-2017-7853 | 1 Gnu | 1 Osip | 2017-11-03 | 5.0 MEDIUM | 7.5 HIGH |
In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS. | |||||
CVE-2016-10326 | 1 Gnu | 1 Osip | 2017-11-03 | 5.0 MEDIUM | 7.5 HIGH |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. | |||||
CVE-2016-10324 | 1 Gnu | 1 Osip | 2017-11-03 | 7.5 HIGH | 9.8 CRITICAL |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. | |||||
CVE-2006-6719 | 1 Gnu | 1 Wget | 2017-10-18 | 5.0 MEDIUM | N/A |
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. | |||||
CVE-2017-15025 | 1 Gnu | 1 Binutils | 2017-10-11 | 4.3 MEDIUM | 5.5 MEDIUM |
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. | |||||
CVE-2017-15022 | 1 Gnu | 1 Binutils | 2017-10-11 | 4.3 MEDIUM | 5.5 MEDIUM |
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. | |||||
CVE-2006-4146 | 1 Gnu | 1 Gdb | 2017-10-10 | 5.1 MEDIUM | N/A |
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. | |||||
CVE-2006-4790 | 1 Gnu | 1 Gnutls | 2017-10-10 | 5.0 MEDIUM | N/A |
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. | |||||
CVE-2005-1705 | 1 Gnu | 1 Gdb | 2017-10-10 | 7.2 HIGH | N/A |
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. | |||||
CVE-2005-3573 | 1 Gnu | 1 Mailman | 2017-10-10 | 5.0 MEDIUM | N/A |
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | |||||
CVE-2005-1228 | 1 Gnu | 1 Gzip | 2017-10-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. | |||||
CVE-2005-1431 | 1 Gnu | 1 Gnutls | 2017-10-10 | 5.0 MEDIUM | N/A |
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | |||||
CVE-2005-1111 | 1 Gnu | 1 Cpio | 2017-10-10 | 3.7 LOW | N/A |
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | |||||
CVE-2005-0988 | 7 Freebsd, Gentoo, Gnu and 4 more | 13 Freebsd, Linux, Gzip and 10 more | 2017-10-10 | 3.7 LOW | N/A |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | |||||
CVE-2005-4153 | 1 Gnu | 1 Mailman | 2017-10-10 | 7.8 HIGH | N/A |
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. | |||||
CVE-2006-2941 | 1 Gnu | 1 Mailman | 2017-10-10 | 5.0 MEDIUM | N/A |
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". | |||||
CVE-2004-1772 | 1 Gnu | 1 Sharutils | 2017-10-10 | 4.6 MEDIUM | N/A |
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument. |