| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1914 |
119 |
|
DoS Overflow |
2013-04-29 |
2013-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. |
|
2 |
CVE-2013-1619 |
310 |
|
|
2013-02-08 |
2013-06-04 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
|
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. |
|
3 |
CVE-2013-0242 |
119 |
|
DoS Overflow Mem. Corr. |
2013-02-08 |
2013-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. |
|
4 |
CVE-2012-5667 |
189 |
|
Exec Code Overflow |
2013-01-03 |
2013-01-07 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. |
|
5 |
CVE-2012-3509 |
189 |
|
DoS Overflow |
2012-09-05 |
2012-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow. |
|
6 |
CVE-2012-3480 |
189 |
|
DoS Exec Code Overflow |
2012-08-25 |
2013-03-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. |
|
7 |
CVE-2012-3479 |
|
|
Exec Code |
2012-08-25 |
2013-04-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. |
|
8 |
CVE-2012-3410 |
119 |
|
Overflow Bypass |
2012-08-27 |
2013-04-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix. |
|
9 |
CVE-2012-3386 |
264 |
|
Exec Code |
2012-08-07 |
2013-04-04 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. |
|
10 |
CVE-2012-3236 |
119 |
1
|
DoS Overflow |
2012-07-12 |
2012-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. |
|
11 |
CVE-2012-1663 |
399 |
|
DoS |
2012-03-13 |
2012-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. |
|
12 |
CVE-2012-1573 |
310 |
|
DoS Mem. Corr. |
2012-03-26 |
2013-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. |
|
13 |
CVE-2012-1569 |
189 |
|
DoS Mem. Corr. |
2012-03-26 |
2013-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. |
|
14 |
CVE-2012-1175 |
189 |
|
DoS Exec Code Overflow |
2012-08-26 |
2012-08-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow. |
|
15 |
CVE-2012-0864 |
189 |
|
Overflow Bypass |
2013-05-02 |
2013-05-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. |
|
16 |
CVE-2012-0390 |
310 |
|
Exec Code |
2012-01-05 |
2012-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. |
|
17 |
CVE-2012-0035 |
|
|
+Priv |
2012-01-19 |
2013-04-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. |
|
18 |
CVE-2011-5024 |
79 |
|
XSS |
2011-12-29 |
2013-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter. |
|
19 |
CVE-2011-4609 |
399 |
|
DoS |
2013-05-02 |
2013-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. |
|
20 |
CVE-2011-4355 |
264 |
|
+Priv |
2013-03-05 |
2013-03-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. |
|
21 |
CVE-2011-4328 |
264 |
|
+Info |
2012-06-15 |
2012-06-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (word readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information. |
|
22 |
CVE-2011-4128 |
119 |
|
DoS Overflow |
2011-12-08 |
2013-05-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. |
|
23 |
CVE-2011-3771 |
200 |
|
+Info |
2011-09-23 |
2011-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files. |
|
24 |
CVE-2011-2896 |
119 |
|
Exec Code Overflow |
2011-08-19 |
2013-05-14 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. |
|
25 |
CVE-2011-1659 |
189 |
|
DoS Overflow |
2011-04-08 |
2012-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. |
|
26 |
CVE-2011-1658 |
264 |
|
+Priv |
2011-04-08 |
2011-10-25 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program. |
|
27 |
CVE-2011-1178 |
189 |
|
DoS Exec Code Overflow |
2011-06-06 |
2013-05-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow. |
|
28 |
CVE-2011-1095 |
264 |
|
+Priv |
2011-04-09 |
2012-01-26 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. |
|
29 |
CVE-2011-1089 |
16 |
|
|
2011-04-09 |
2012-01-18 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. |
|
30 |
CVE-2011-1071 |
399 |
|
DoS Exec Code |
2011-04-08 |
2012-01-26 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. |
|
31 |
CVE-2011-0707 |
79 |
|
XSS |
2011-02-22 |
2011-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message. |
|
32 |
CVE-2011-0536 |
|
|
+Priv |
2011-04-08 |
2012-01-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. |
|
33 |
CVE-2010-4756 |
399 |
|
DoS |
2011-03-02 |
2011-03-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. |
|
34 |
CVE-2010-4651 |
22 |
|
Dir. Trav. |
2011-03-11 |
2011-07-01 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679. |
|
35 |
CVE-2010-4543 |
119 |
|
DoS Exec Code Overflow |
2011-01-07 |
2013-05-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. |
|
36 |
CVE-2010-4542 |
119 |
|
DoS Exec Code Overflow |
2011-01-07 |
2013-05-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information. |
|
37 |
CVE-2010-4541 |
119 |
|
DoS Exec Code Overflow |
2011-01-07 |
2013-05-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. |
|
38 |
CVE-2010-4540 |
119 |
|
DoS Exec Code Overflow |
2011-01-07 |
2013-05-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information. |
|
39 |
CVE-2010-4337 |
59 |
|
|
2011-01-14 |
2012-06-18 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files. |
|
40 |
CVE-2010-4052 |
399 |
1
|
DoS |
2011-01-13 |
2011-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. |
|
41 |
CVE-2010-4051 |
|
1
|
DoS Overflow Bypass |
2011-01-13 |
2011-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." |
|
42 |
CVE-2010-3856 |
264 |
|
+Priv |
2011-01-07 |
2011-02-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. |
|
43 |
CVE-2010-3847 |
59 |
|
+Priv |
2011-01-07 |
2011-03-07 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. |
|
44 |
CVE-2010-3192 |
200 |
|
Overflow +Info |
2010-10-14 |
2010-10-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. |
|
45 |
CVE-2010-3089 |
79 |
|
XSS |
2010-09-15 |
2011-03-23 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field. |
|
46 |
CVE-2010-2252 |
20 |
|
Exec Code |
2010-07-06 |
2010-07-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. |
|
47 |
CVE-2010-2056 |
59 |
|
|
2010-07-22 |
2010-07-22 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
|
48 |
CVE-2010-1161 |
362 |
|
|
2010-04-16 |
2010-06-07 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. |
|
49 |
CVE-2010-1160 |
59 |
|
|
2010-04-16 |
2010-06-07 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. |
|
50 |
CVE-2010-0830 |
189 |
|
Exec Code |
2010-06-01 |
2011-01-12 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. |
