Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gnu Subscribe
Total 989 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1701 1 Gnu 1 Cfengine 2017-07-10 10.0 HIGH N/A
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
CVE-2004-2461 1 Gnu 1 Gnubiff 2017-07-10 7.5 HIGH N/A
Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.
CVE-2004-2531 1 Gnu 1 Gnutls 2017-07-10 7.8 HIGH N/A
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
CVE-2004-1702 1 Gnu 1 Cfengine 2017-07-10 5.0 MEDIUM N/A
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
CVE-2004-1485 2 Gnu, Tftp 2 Inetutils, Tftp 2017-07-10 7.5 HIGH N/A
Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function.
CVE-2004-0581 2 Gnu, Mandrakesoft 3 Ksymoops, Mandrake Linux, Mandrake Linux Corporate Server 2017-07-10 4.6 MEDIUM N/A
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
CVE-2004-0603 1 Gnu 1 Gzip 2017-07-10 10.0 HIGH N/A
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
CVE-2004-0623 1 Gnu 1 Gnats 2017-07-10 10.0 HIGH N/A
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.
CVE-2004-1143 1 Gnu 1 Mailman 2017-07-10 7.5 HIGH N/A
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
CVE-2004-1296 1 Gnu 1 Groff 2017-07-10 2.1 LOW N/A
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-1337 3 Conectiva, Gnu, Ubuntu 3 Linux, Realtime Linux Security Module, Ubuntu Linux 2017-07-10 7.2 HIGH N/A
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
CVE-2004-0354 1 Gnu 1 Anubis 2017-07-10 10.0 HIGH N/A
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
CVE-2004-0422 1 Gnu 1 Flim 2017-07-10 2.1 LOW N/A
flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.
CVE-2004-1377 2 Gnu, Turbolinux 4 A2ps, Turbolinux Home, Turbolinux Server and 1 more 2017-07-10 2.1 LOW N/A
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-0849 1 Gnu 1 Radius 2017-07-10 5.0 MEDIUM N/A
Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
CVE-2004-0412 1 Gnu 1 Mailman 2017-07-10 5.0 MEDIUM N/A
Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.
CVE-2004-0966 2 Gnu, Ubuntu 2 Gettext, Ubuntu Linux 2017-07-10 2.1 LOW N/A
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0969 3 Gentoo, Gnu, Ubuntu 3 Linux, Groff, Ubuntu Linux 2017-07-10 2.1 LOW N/A
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0970 1 Gnu 1 Gzip 2017-07-10 2.1 LOW N/A
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
CVE-2004-0353 1 Gnu 1 Anubis 2017-07-10 10.0 HIGH N/A
Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.