Filtered by vendor Gnu
Subscriptions
Total
1068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0795 | 4 Gnu, Quagga, Redhat and 1 more | 5 Zebra, Quagga, Enterprise Linux and 2 more | 2024-08-08 | N/A |
| The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. | ||||
| CVE-2003-0854 | 3 Gnu, Redhat, Washington University | 4 Fileutils, Enterprise Linux, Linux and 1 more | 2024-08-08 | N/A |
| ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. | ||||
| CVE-2003-0849 | 1 Gnu | 1 Cfengine | 2024-08-08 | N/A |
| Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. | ||||
| CVE-2003-0826 | 1 Gnu | 1 Lsh | 2024-08-08 | N/A |
| lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack. | ||||
| CVE-2003-0367 | 2 Debian, Gnu | 2 Debian Linux, Gzip | 2024-08-08 | 6.2 Medium |
| znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2003-0255 | 2 Gnu, Redhat | 3 Privacy Guard, Enterprise Linux, Linux | 2024-08-08 | N/A |
| The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. | ||||
| CVE-2003-0038 | 1 Gnu | 1 Mailman | 2024-08-08 | N/A |
| Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. | ||||
| CVE-2003-0028 | 11 Cray, Freebsd, Gnu and 8 more | 15 Unicos, Freebsd, Glibc and 12 more | 2024-08-08 | N/A |
| Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | ||||
| CVE-2004-2531 | 1 Gnu | 1 Gnutls | 2024-08-08 | N/A |
| X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. | ||||
| CVE-2004-2460 | 1 Gnu | 1 Gnubiff | 2024-08-08 | N/A |
| Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list. | ||||
| CVE-2004-2461 | 1 Gnu | 1 Gnubiff | 2024-08-08 | N/A |
| Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||||
| CVE-2004-2093 | 1 Gnu | 1 Rsync | 2024-08-08 | N/A |
| Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future. | ||||
| CVE-2004-2014 | 2 Gnu, Redhat | 2 Wget, Enterprise Linux | 2024-08-08 | N/A |
| Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. | ||||
| CVE-2004-1773 | 2 Gnu, Redhat | 2 Sharutils, Enterprise Linux | 2024-08-08 | N/A |
| Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar. | ||||
| CVE-2004-1772 | 2 Gnu, Redhat | 2 Sharutils, Enterprise Linux | 2024-08-08 | N/A |
| Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument. | ||||
| CVE-2004-1702 | 1 Gnu | 1 Cfengine | 2024-08-08 | N/A |
| The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash). | ||||
| CVE-2004-1701 | 1 Gnu | 1 Cfengine | 2024-08-08 | N/A |
| Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication. | ||||
| CVE-2004-1485 | 2 Gnu, Tftp | 2 Inetutils, Tftp | 2024-08-08 | N/A |
| Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function. | ||||
| CVE-2004-1487 | 2 Gnu, Redhat | 2 Wget, Enterprise Linux | 2024-08-08 | N/A |
| wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. | ||||
| CVE-2004-1488 | 2 Gnu, Redhat | 2 Wget, Enterprise Linux | 2024-08-08 | N/A |
| wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. | ||||