Filtered by vendor Gnu
Subscribe
Total
989 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1022 | 2 Gnu, Jgroff | 2 Groff, Jgroff | 2017-10-09 | 7.5 HIGH | N/A |
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command. | |||||
CVE-2001-0884 | 1 Gnu | 1 Mailman | 2017-10-09 | 5.1 MEDIUM | N/A |
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users. | |||||
CVE-2001-0071 | 1 Gnu | 1 Privacy Guard | 2017-10-09 | 2.1 LOW | N/A |
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection. | |||||
CVE-2000-0861 | 1 Gnu | 1 Mailman | 2017-10-09 | 7.2 HIGH | N/A |
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. | |||||
CVE-2000-0947 | 1 Gnu | 1 Cfengine | 2017-10-09 | 10.0 HIGH | N/A |
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. | |||||
CVE-2001-1036 | 2 Gnu, Slackware | 2 Findutils, Slackware Linux | 2017-10-09 | 7.2 HIGH | N/A |
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. | |||||
CVE-2017-14974 | 1 Gnu | 1 Binutils | 2017-10-05 | 4.3 MEDIUM | 5.5 MEDIUM |
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | |||||
CVE-2017-14940 | 1 Gnu | 1 Binutils | 2017-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. | |||||
CVE-2017-14745 | 1 Gnu | 1 Binutils | 2017-09-29 | 6.8 MEDIUM | 7.8 HIGH |
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | |||||
CVE-2008-5078 | 1 Gnu | 1 Escript | 2017-09-28 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename. | |||||
CVE-2008-1367 | 1 Gnu | 1 Gcc | 2017-09-28 | 7.5 HIGH | N/A |
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. | |||||
CVE-2008-1946 | 1 Gnu | 1 Coreutils | 2017-09-28 | 4.4 MEDIUM | N/A |
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. | |||||
CVE-2017-14729 | 1 Gnu | 1 Binutils | 2017-09-28 | 6.8 MEDIUM | 7.8 HIGH |
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | |||||
CVE-2015-1865 | 1 Gnu | 1 Coreutils | 2017-09-27 | 3.3 LOW | 4.7 MEDIUM |
fts.c in coreutils 8.4 allows local users to delete arbitrary files. | |||||
CVE-2017-9038 | 1 Gnu | 1 Binutils | 2017-09-18 | 4.3 MEDIUM | 5.5 MEDIUM |
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. | |||||
CVE-2017-8398 | 1 Gnu | 1 Binutils | 2017-09-18 | 5.0 MEDIUM | 7.5 HIGH |
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. | |||||
CVE-2017-8397 | 1 Gnu | 1 Binutils | 2017-09-18 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. | |||||
CVE-2017-8396 | 1 Gnu | 1 Binutils | 2017-09-18 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. | |||||
CVE-2017-8395 | 1 Gnu | 1 Binutils | 2017-09-18 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. | |||||
CVE-2017-8394 | 1 Gnu | 1 Binutils | 2017-09-18 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. |