Filtered by vendor Gnu Subscriptions
Total 1074 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-1485 2 Gnu, Tftp 2 Inetutils, Tftp 2024-11-21 N/A
Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function.
CVE-2004-1453 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2024-11-21 N/A
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
CVE-2004-1382 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2024-11-21 N/A
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.
CVE-2004-1377 2 Gnu, Turbolinux 4 A2ps, Turbolinux Home, Turbolinux Server and 1 more 2024-11-21 N/A
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-1349 2 Gnu, Oracle 2 Gzip, Solaris 2024-11-21 N/A
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
CVE-2004-1337 3 Conectiva, Gnu, Ubuntu 3 Linux, Realtime Linux Security Module, Ubuntu Linux 2024-11-21 N/A
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
CVE-2004-1296 1 Gnu 1 Groff 2024-11-21 N/A
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-1186 2 Gnu, Redhat 2 Enscript, Enterprise Linux 2024-11-21 N/A
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
CVE-2004-1185 2 Gnu, Redhat 2 Enscript, Enterprise Linux 2024-11-21 N/A
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
CVE-2004-1184 4 Gnu, Redhat, Sgi and 1 more 5 Enscript, Enterprise Linux, Fedora Core and 2 more 2024-11-21 N/A
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
CVE-2004-1177 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
CVE-2004-1170 3 Gnu, Sun, Suse 3 A2ps, Java Desktop System, Suse Linux 2024-11-21 N/A
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
CVE-2004-1143 1 Gnu 1 Mailman 2024-11-21 N/A
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
CVE-2004-0984 1 Gnu 1 Mailutils 2024-11-21 N/A
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.
CVE-2004-0970 1 Gnu 1 Gzip 2024-11-21 N/A
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
CVE-2004-0969 3 Gentoo, Gnu, Ubuntu 3 Linux, Groff, Ubuntu Linux 2024-11-21 N/A
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0968 2 Gnu, Redhat 3 Glibc, Enterprise Linux, Enterprise Linux Desktop 2024-11-21 N/A
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0966 2 Gnu, Ubuntu 2 Gettext, Ubuntu Linux 2024-11-21 N/A
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0849 1 Gnu 1 Radius 2024-11-21 N/A
Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
CVE-2004-0778 2 Gnu, Redhat 2 Cvs, Enterprise Linux 2024-11-21 N/A
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.