CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

GNU : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-8564 310 DoS 2014-11-13 2014-11-14
5.0
None Remote Low Not required None None Partial
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
2 CVE-2014-7817 20 Exec Code 2014-11-24 2014-11-24
4.3
None Local Low Single system Partial Partial Partial
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
3 CVE-2014-7187 119 DoS Overflow 2014-09-28 2014-11-19
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
4 CVE-2014-7186 119 DoS Overflow 2014-09-28 2014-11-19
10.0
None Remote Low Not required Complete Complete Complete
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
5 CVE-2014-7169 78 Exec Code 2014-09-24 2014-11-19
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
6 CVE-2014-6278 78 Exec Code 2014-09-30 2014-11-19
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
7 CVE-2014-6277 78 DoS Exec Code 2014-09-27 2014-11-19
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
8 CVE-2014-6271 78 Exec Code 2014-09-24 2014-11-19
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
9 CVE-2014-5119 189 DoS Exec Code 2014-08-29 2014-11-13
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
10 CVE-2014-4877 22 Exec Code Dir. Trav. 2014-10-29 2014-11-20
9.3
None Remote Medium Not required Complete Complete Complete
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
11 CVE-2014-4043 94 2014-10-06 2014-10-16
7.5
None Remote Low Not required Partial Partial Partial
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
12 CVE-2014-3564 119 DoS Exec Code Overflow 2014-10-20 2014-11-05
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."
13 CVE-2014-3469 DoS 2014-06-05 2014-11-13
4.3
None Remote Medium Not required None None Partial
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
14 CVE-2014-3468 189 2014-06-05 2014-11-13
6.8
None Remote Medium Not required Partial Partial Partial
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
15 CVE-2014-3467 DoS 2014-06-05 2014-11-13
4.3
None Remote Medium Not required None None Partial
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnutTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
16 CVE-2014-3466 119 DoS Exec Code Overflow Mem. Corr. 2014-06-03 2014-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
17 CVE-2014-3465 DoS 2014-06-10 2014-06-18
5.0
None Remote Low Not required None None Partial
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.
18 CVE-2014-3424 59 2014-05-08 2014-06-30
3.3
None Local Medium Not required None Partial Partial
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
19 CVE-2014-3423 59 2014-05-08 2014-06-30
3.3
None Local Medium Not required None Partial Partial
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
20 CVE-2014-3422 59 2014-05-08 2014-07-01
3.3
None Local Medium Not required None Partial Partial
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
21 CVE-2014-3421 59 2014-05-08 2014-07-01
3.3
None Local Medium Not required None Partial Partial
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
22 CVE-2014-2524 59 2014-08-20 2014-11-13
3.3
None Local Medium Not required None Partial Partial
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
23 CVE-2014-1959 264 Bypass 2014-03-06 2014-03-16
5.8
None Remote Medium Not required Partial Partial None
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
24 CVE-2014-0475 22 Dir. Trav. Bypass 2014-07-29 2014-10-04
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
25 CVE-2014-0466 Exec Code 2014-04-03 2014-04-03
6.8
None Remote Medium Not required Partial Partial Partial
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
26 CVE-2014-0092 310 2014-03-06 2014-04-19
5.8
None Remote Medium Not required Partial Partial None
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
27 CVE-2013-7039 119 DoS Exec Code Overflow 2013-12-13 2014-02-21
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.
28 CVE-2013-7038 119 DoS Overflow +Info 2013-12-13 2014-02-21
6.4
None Remote Low Not required Partial None Partial
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.
29 CVE-2013-6889 264 2014-05-08 2014-05-09
4.9
None Local Low Not required Complete None None
GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.
30 CVE-2013-4788 20 Overflow 2013-10-04 2013-12-13
5.1
None Remote High Not required Partial Partial Partial
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
31 CVE-2013-4577 264 2014-05-12 2014-05-12
2.1
None Local Low Not required Partial None None
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
32 CVE-2013-4487 189 DoS Mem. Corr. 2013-11-20 2013-11-20
5.0
None Remote Low Not required None None Partial
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.
33 CVE-2013-4466 119 DoS Overflow Mem. Corr. 2013-11-20 2013-11-21
5.0
None Remote Low Not required None None Partial
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.
34 CVE-2013-4458 119 DoS Overflow 2013-12-12 2013-12-13
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
35 CVE-2013-4332 189 DoS Overflow 2013-10-09 2014-01-03
4.3
None Remote Medium Not required None None Partial
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
36 CVE-2013-4237 119 DoS Exec Code Overflow 2013-10-09 2013-12-13
6.8
None Remote Medium Not required Partial Partial Partial
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
37 CVE-2013-2207 264 2013-10-09 2013-12-13
2.6
None Local High Not required Partial Partial None
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
38 CVE-2013-2116 20 DoS 2013-07-03 2014-03-26
5.0
None Remote Low Not required None None Partial
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
39 CVE-2013-1914 119 DoS Overflow 2013-04-29 2014-01-03
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.
40 CVE-2013-1619 310 2013-02-08 2014-03-26
4.0
None Remote High Not required Partial Partial None
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
41 CVE-2013-0242 119 DoS Overflow Mem. Corr. 2013-02-08 2014-01-03
5.0
None Remote Low Not required None None Partial
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
42 CVE-2013-0223 119 DoS Overflow 2013-11-23 2013-11-25
1.9
None Local Medium Not required None None Partial
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.
43 CVE-2013-0222 119 DoS Overflow 2013-11-23 2014-03-07
2.1
None Local Low Not required None None Partial
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.
44 CVE-2013-0221 20 DoS Overflow 2013-11-23 2014-03-05
4.3
None Remote Medium Not required None None Partial
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
45 CVE-2012-5667 189 Exec Code Overflow 2013-01-03 2013-01-07
4.4
None Local Medium Not required Partial Partial Partial
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
46 CVE-2012-4424 119 DoS Exec Code Overflow 2013-10-09 2013-12-13
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.
47 CVE-2012-4412 189 DoS Exec Code Overflow 2013-10-09 2013-12-13
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
48 CVE-2012-3509 189 DoS Overflow 2012-09-05 2012-09-06
5.0
None Remote Low Not required None None Partial
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
49 CVE-2012-3480 189 DoS Exec Code Overflow 2012-08-25 2014-02-20
4.6
None Local Low Not required Partial Partial Partial
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
50 CVE-2012-3479 Exec Code 2012-08-25 2013-12-13
6.8
None Remote Medium Not required Partial Partial Partial
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.
Total number of vulnerabilities : 349   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.