Filtered by vendor Gnu
Subscriptions
Total
1074 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-3137 | 1 Gnu | 1 Cfengine | 2024-11-21 | N/A |
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960. | ||||
CVE-2005-3123 | 1 Gnu | 1 Gnump3d | 2024-11-21 | N/A |
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. | ||||
CVE-2005-3011 | 2 Gnu, Redhat | 2 Texinfo, Enterprise Linux | 2024-11-21 | N/A |
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
CVE-2005-2960 | 2 Debian, Gnu | 2 Debian Linux, Cfengine | 2024-11-21 | N/A |
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | ||||
CVE-2005-2878 | 1 Gnu | 1 Mailutils | 2024-11-21 | N/A |
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. | ||||
CVE-2005-2541 | 1 Gnu | 1 Tar | 2024-11-21 | 7.0 High |
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. | ||||
CVE-2005-2397 | 1 Gnu | 1 Phpbook | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter. | ||||
CVE-2005-2180 | 1 Gnu | 1 Gnats | 2024-11-21 | N/A |
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. | ||||
CVE-2005-1918 | 2 Gnu, Redhat | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2024-11-21 | N/A |
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | ||||
CVE-2005-1824 | 1 Gnu | 1 Mailutils | 2024-11-21 | N/A |
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. | ||||
CVE-2005-1705 | 2 Gnu, Redhat | 2 Gdb, Enterprise Linux | 2024-11-21 | N/A |
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. | ||||
CVE-2005-1704 | 2 Gnu, Redhat | 2 Gdb, Enterprise Linux | 2024-11-21 | N/A |
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. | ||||
CVE-2005-1523 | 1 Gnu | 1 Mailutils | 2024-11-21 | N/A |
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. | ||||
CVE-2005-1522 | 1 Gnu | 1 Mailutils | 2024-11-21 | N/A |
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | ||||
CVE-2005-1521 | 1 Gnu | 1 Mailutils | 2024-11-21 | N/A |
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow. | ||||
CVE-2005-1520 | 1 Gnu | 1 Mailutils | 2024-11-21 | N/A |
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail. | ||||
CVE-2005-1431 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2024-11-21 | N/A |
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | ||||
CVE-2005-1229 | 1 Gnu | 1 Cpio | 2024-11-21 | N/A |
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. | ||||
CVE-2005-1228 | 2 Gnu, Redhat | 2 Gzip, Enterprise Linux | 2024-11-21 | N/A |
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. | ||||
CVE-2005-1111 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Cpio and 1 more | 2024-11-21 | 4.7 Medium |
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. |