GNU : Security Vulnerabilities, CVEs, Published In 2004 (Code Execution)

Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed

Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.

Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.

Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.

Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.

Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code.

Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.

Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.

Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.