Filtered by vendor Gnu Subscriptions
Total 1074 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2003-0859 5 Gnu, Intel, Quagga and 2 more 8 Glibc, Zebra, Ia64 and 5 more 2024-11-21 N/A
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
CVE-2003-0858 3 Gnu, Quagga, Redhat 4 Zebra, Quagga Routing Software Suite, Enterprise Linux and 1 more 2024-11-21 N/A
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
CVE-2003-0854 3 Gnu, Redhat, Washington University 4 Fileutils, Enterprise Linux, Linux and 1 more 2024-11-21 N/A
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
CVE-2003-0853 3 Gnu, Redhat, Washington University 4 Fileutils, Enterprise Linux, Linux and 1 more 2024-11-21 N/A
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
CVE-2003-0849 1 Gnu 1 Cfengine 2024-11-21 N/A
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
CVE-2003-0826 1 Gnu 1 Lsh 2024-11-21 N/A
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.
CVE-2003-0795 4 Gnu, Quagga, Redhat and 1 more 5 Zebra, Quagga, Enterprise Linux and 2 more 2024-11-21 N/A
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
CVE-2003-0367 2 Debian, Gnu 2 Debian Linux, Gzip 2024-11-21 6.2 Medium
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2003-0255 2 Gnu, Redhat 3 Privacy Guard, Enterprise Linux, Linux 2024-11-21 N/A
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
CVE-2003-0038 1 Gnu 1 Mailman 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
CVE-2003-0028 11 Cray, Freebsd, Gnu and 8 more 15 Unicos, Freebsd, Glibc and 12 more 2024-11-21 N/A
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
CVE-2002-2439 1 Gnu 1 Gcc 2024-11-21 7.8 High
Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
CVE-2002-2099 1 Gnu 1 Data Display Debugger 2024-11-21 N/A
Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.
CVE-2002-1602 1 Gnu 1 Screen 2024-11-21 N/A
Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
CVE-2002-1344 3 Gnu, Redhat, Sun 4 Wget, Enterprise Linux, Linux and 1 more 2024-11-21 N/A
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.
CVE-2002-1265 3 Apple, Gnu, Sgi 4 Mac Os X, Mac Os X Server, Glibc and 1 more 2024-11-21 N/A
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
CVE-2002-1216 2 Gnu, Redhat 3 Tar, Enterprise Linux, Linux 2024-11-21 N/A
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.
CVE-2002-1146 2 Gnu, Redhat 3 Glibc, Enterprise Linux, Linux 2024-11-21 N/A
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
CVE-2002-0855 2 Gnu, Redhat 5 Mailman, Enterprise Linux, Linux and 2 more 2024-11-21 N/A
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
CVE-2002-0684 3 Gnu, Isc, Redhat 4 Glibc, Bind, Enterprise Linux and 1 more 2024-11-21 N/A
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.