Filtered by vendor Gnu Subscriptions
Total 1074 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-1039 1 Gnu 1 Coreutils 2024-11-21 N/A
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
CVE-2005-0990 2 Gnu, Redhat 2 Sharutils, Enterprise Linux 2024-11-21 N/A
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
CVE-2005-0988 7 Freebsd, Gentoo, Gnu and 4 more 13 Freebsd, Linux, Gzip and 10 more 2024-11-21 N/A
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
CVE-2005-0758 3 Canonical, Gnu, Redhat 3 Ubuntu Linux, Gzip, Enterprise Linux 2024-11-21 N/A
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
CVE-2005-0202 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2024-11-21 N/A
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
CVE-2005-0100 2 Gnu, Redhat 3 Emacs, Xemacs, Enterprise Linux 2024-11-21 N/A
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
CVE-2005-0080 2 Gnu, Ubuntu 2 Mailman, Ubuntu Linux 2024-11-21 N/A
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.
CVE-2004-2531 1 Gnu 1 Gnutls 2024-11-21 N/A
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
CVE-2004-2461 1 Gnu 1 Gnubiff 2024-11-21 N/A
Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.
CVE-2004-2460 1 Gnu 1 Gnubiff 2024-11-21 N/A
Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list.
CVE-2004-2459 1 Gnu 1 Gnubiff 2024-11-21 N/A
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.
CVE-2004-2264 1 Gnu 1 Less 2024-11-21 N/A
Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed
CVE-2004-2093 1 Gnu 1 Rsync 2024-11-21 N/A
Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.
CVE-2004-2014 2 Gnu, Redhat 2 Wget, Enterprise Linux 2024-11-21 N/A
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
CVE-2004-1773 2 Gnu, Redhat 2 Sharutils, Enterprise Linux 2024-11-21 N/A
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
CVE-2004-1772 2 Gnu, Redhat 2 Sharutils, Enterprise Linux 2024-11-21 N/A
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
CVE-2004-1702 1 Gnu 1 Cfengine 2024-11-21 N/A
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
CVE-2004-1701 1 Gnu 1 Cfengine 2024-11-21 N/A
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
CVE-2004-1488 2 Gnu, Redhat 2 Wget, Enterprise Linux 2024-11-21 N/A
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
CVE-2004-1487 2 Gnu, Redhat 2 Wget, Enterprise Linux 2024-11-21 N/A
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.