manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.
Max CVSS
9.8
EPSS Score
0.73%
Published
2020-10-06
Updated
2020-12-03
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
Max CVSS
10.0
EPSS Score
0.56%
Published
2000-12-19
Updated
2021-05-10
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
Max CVSS
10.0
EPSS Score
0.30%
Published
2000-12-19
Updated
2017-10-10
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
Max CVSS
10.0
EPSS Score
12.74%
Published
2003-05-27
Updated
2018-05-03
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
Max CVSS
10.0
EPSS Score
0.28%
Published
2003-12-15
Updated
2016-10-18
Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.
Max CVSS
10.0
EPSS Score
3.90%
Published
2004-11-23
Updated
2017-07-11
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
Max CVSS
10.0
EPSS Score
9.39%
Published
2004-11-23
Updated
2017-07-11
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
Max CVSS
10.0
EPSS Score
0.50%
Published
2004-12-06
Updated
2017-07-11
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.
Max CVSS
10.0
EPSS Score
2.69%
Published
2004-12-06
Updated
2017-07-11
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
Max CVSS
10.0
EPSS Score
3.41%
Published
2005-01-10
Updated
2018-10-19
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
Max CVSS
10.0
EPSS Score
13.31%
Published
2004-08-09
Updated
2017-07-11
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
Max CVSS
10.0
EPSS Score
0.63%
Published
2005-08-10
Updated
2021-06-18
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.
Max CVSS
9.8
EPSS Score
0.26%
Published
2019-04-10
Updated
2019-04-11
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
46.34%
Published
2006-11-28
Updated
2017-07-20
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
Max CVSS
10.0
EPSS Score
6.08%
Published
2006-12-07
Updated
2018-10-17
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
Max CVSS
10.0
EPSS Score
9.58%
Published
2007-05-04
Updated
2017-07-29
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
Max CVSS
10.0
EPSS Score
1.01%
Published
2007-12-07
Updated
2018-10-03
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
Max CVSS
10.0
EPSS Score
8.41%
Published
2008-05-21
Updated
2018-10-11
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
Max CVSS
9.3
EPSS Score
5.13%
Published
2008-05-21
Updated
2018-10-11
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
Max CVSS
9.3
EPSS Score
0.46%
Published
2008-09-04
Updated
2018-10-11

CVE-2011-4862

Public exploit
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Max CVSS
10.0
EPSS Score
97.19%
Published
2011-12-25
Updated
2021-02-09
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
Max CVSS
9.3
EPSS Score
0.15%
Published
2012-01-19
Updated
2018-12-07
gnusound 0.7.5 has format string issue
Max CVSS
9.8
EPSS Score
0.46%
Published
2019-11-19
Updated
2019-12-04

CVE-2014-4877

Public exploit
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Max CVSS
9.3
EPSS Score
7.82%
Published
2014-10-29
Updated
2017-02-17
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.
Max CVSS
9.8
EPSS Score
2.61%
Published
2018-03-07
Updated
2018-03-27
96 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!