CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

GNU : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-3469 DoS 2014-06-05 2014-11-13
4.3
None Remote Medium Not required None None Partial
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
2 CVE-2014-3467 DoS 2014-06-05 2014-11-13
4.3
None Remote Medium Not required None None Partial
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnutTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
3 CVE-2013-6889 264 2014-05-08 2014-05-09
4.9
None Local Low Not required Complete None None
GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.
4 CVE-2013-4332 189 DoS Overflow 2013-10-09 2014-01-03
4.3
None Remote Medium Not required None None Partial
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
5 CVE-2013-1619 310 2013-02-08 2014-03-26
4.0
None Remote High Not required Partial Partial None
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
6 CVE-2013-0221 20 DoS Overflow 2013-11-23 2014-03-05
4.3
None Remote Medium Not required None None Partial
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
7 CVE-2012-5667 189 Exec Code Overflow 2013-01-03 2013-01-07
4.4
None Local Medium Not required Partial Partial Partial
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
8 CVE-2012-3480 189 DoS Exec Code Overflow 2012-08-25 2014-02-20
4.6
None Local Low Not required Partial Partial Partial
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
9 CVE-2012-3410 119 Overflow Bypass 2012-08-27 2013-04-18
4.6
None Local Low Not required Partial Partial Partial
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
10 CVE-2012-3386 264 Exec Code 2012-08-07 2013-04-04
4.4
None Local Medium Not required Partial Partial Partial
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
11 CVE-2012-3236 119 1 DoS Overflow 2012-07-12 2013-12-05
4.3
None Remote Medium Not required None None Partial
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
12 CVE-2012-0390 310 Exec Code 2012-01-05 2014-03-26
4.3
None Remote Medium Not required Partial None None
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
13 CVE-2011-5024 79 XSS 2011-12-29 2013-01-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.
14 CVE-2011-4128 119 DoS Overflow 2011-12-08 2013-05-03
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
15 CVE-2011-0707 79 XSS 2011-02-22 2014-02-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
16 CVE-2010-4756 399 DoS 2011-03-02 2011-03-04
4.0
None Remote Low Single system None None Partial
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
17 CVE-2010-0825 264 2010-04-05 2010-05-13
4.4
None Local Medium Not required Partial Partial Partial
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.
18 CVE-2009-4135 59 +Priv 2009-12-11 2009-12-31
4.4
None Local Medium Not required Partial Partial Partial
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
19 CVE-2009-4029 362 2009-12-19 2012-08-08
4.4
None Local Medium Not required Partial Partial Partial
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
20 CVE-2009-1415 255 DoS 2009-04-30 2009-06-10
4.3
None Remote Medium Not required None None Partial
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
21 CVE-2009-1214 264 +Info 2009-04-01 2009-05-13
4.9
None Local Low Not required Complete None None
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
22 CVE-2008-4989 255 2008-11-12 2012-10-30
4.3
None Remote Medium Not required None Partial None
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
23 CVE-2008-1946 264 +Priv 2008-07-28 2010-08-21
4.4
User Local Medium Not required Partial Partial Partial
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
24 CVE-2008-1694 59 2008-04-22 2009-02-21
4.6
User Local Low Not required Partial Partial Partial
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
25 CVE-2007-3741 DoS 2007-08-27 2010-11-30
4.3
None Remote Medium Not required None None Partial
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
26 CVE-2007-2808 XSS 2007-05-22 2012-11-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.
27 CVE-2006-6939 2007-01-16 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
28 CVE-2006-6097 2006-11-24 2010-09-15
4.0
None Remote High Not required None Partial Partial
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
29 CVE-2006-4810 Exec Code Overflow 2006-11-08 2010-09-15
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
30 CVE-2006-0455 2006-02-15 2011-10-18
4.6
User Local Low Not required Partial Partial Partial
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
31 CVE-2005-3425 XSS 2005-11-01 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
32 CVE-2005-3424 XSS 2005-11-01 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
33 CVE-2005-2397 XSS 2005-07-27 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter.
34 CVE-2005-1704 Exec Code Overflow 2005-05-24 2010-08-21
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.
35 CVE-2005-1229 Dir. Trav. 2005-05-02 2013-09-13
4.6
User Local Low Not required Partial Partial Partial
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
36 CVE-2005-0758 Exec Code 2005-05-13 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
37 CVE-2004-2093 DoS Exec Code Overflow 2004-02-09 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.
38 CVE-2004-1772 Exec Code Overflow 2004-12-31 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
39 CVE-2004-1184 Exec Code 2005-01-21 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
40 CVE-2004-1177 XSS 2005-01-10 2010-08-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
41 CVE-2004-0581 2004-08-06 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
42 CVE-2003-0992 XSS 2004-02-17 2008-09-10
4.3
None Remote Medium Not required Partial None None
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
43 CVE-2003-0859 DoS 2003-12-15 2010-08-21
4.9
None Local Low Not required None None Complete
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
44 CVE-2003-0038 XSS 2003-02-07 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
45 CVE-2002-1602 Exec Code Overflow 2002-04-23 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
46 CVE-2001-0290 2001-05-03 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
47 CVE-2000-1137 2001-01-09 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
48 CVE-2000-0786 Bypass 2000-10-20 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
49 CVE-2000-0701 +Priv 2000-10-20 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
50 CVE-2000-0271 2000-04-18 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
Total number of vulnerabilities : 53   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.