Filtered by vendor Gnu
Subscriptions
Total
1068 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-1228 | 2 Gnu, Redhat | 2 Gzip, Enterprise Linux | 2024-08-07 | N/A |
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. | ||||
CVE-2005-1111 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Cpio and 1 more | 2024-08-07 | 4.7 Medium |
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | ||||
CVE-2005-0988 | 7 Freebsd, Gentoo, Gnu and 4 more | 13 Freebsd, Linux, Gzip and 10 more | 2024-08-07 | N/A |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | ||||
CVE-2005-0990 | 2 Gnu, Redhat | 2 Sharutils, Enterprise Linux | 2024-08-07 | N/A |
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file. | ||||
CVE-2005-0758 | 3 Canonical, Gnu, Redhat | 3 Ubuntu Linux, Gzip, Enterprise Linux | 2024-08-07 | N/A |
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | ||||
CVE-2005-0202 | 2 Gnu, Redhat | 2 Mailman, Enterprise Linux | 2024-08-07 | N/A |
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. | ||||
CVE-2005-0100 | 2 Gnu, Redhat | 3 Emacs, Xemacs, Enterprise Linux | 2024-08-07 | N/A |
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. | ||||
CVE-2005-0080 | 2 Gnu, Ubuntu | 2 Mailman, Ubuntu Linux | 2024-08-07 | N/A |
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. | ||||
CVE-2006-7239 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2024-08-07 | N/A |
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. | ||||
CVE-2006-7254 | 1 Gnu | 1 Glibc | 2024-08-07 | N/A |
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | ||||
CVE-2006-7151 | 2 Gnu, Redhat | 2 Libtool-ltdl, Fedora Core | 2024-08-07 | N/A |
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories. | ||||
CVE-2006-6939 | 1 Gnu | 1 Ed | 2024-08-07 | N/A |
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. | ||||
CVE-2006-6719 | 1 Gnu | 1 Wget | 2024-08-07 | N/A |
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. | ||||
CVE-2006-6235 | 6 Gnu, Gpg4win, Redhat and 3 more | 9 Privacy Guard, Gpg4win, Enterprise Linux and 6 more | 2024-08-07 | N/A |
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. | ||||
CVE-2006-6097 | 2 Gnu, Redhat | 2 Tar, Enterprise Linux | 2024-08-07 | N/A |
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. | ||||
CVE-2006-5864 | 1 Gnu | 1 Gv | 2024-08-07 | N/A |
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince. | ||||
CVE-2006-4810 | 2 Gnu, Redhat | 2 Texinfo, Enterprise Linux | 2024-08-07 | N/A |
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | ||||
CVE-2006-4790 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2024-08-07 | N/A |
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. | ||||
CVE-2006-4624 | 2 Gnu, Redhat | 2 Mailman, Enterprise Linux | 2024-08-07 | N/A |
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI. | ||||
CVE-2006-4573 | 1 Gnu | 1 Screen | 2024-08-07 | N/A |
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. |