CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

GNU : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-5119 189 DoS Exec Code 2014-08-29 2014-09-02
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
2 CVE-2012-4412 189 DoS Exec Code Overflow 2013-10-09 2013-12-13
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
3 CVE-2012-1663 399 1 DoS 2012-03-13 2013-12-12
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
4 CVE-2010-4543 119 DoS Exec Code Overflow 2011-01-07 2014-02-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.
5 CVE-2010-3856 264 +Priv 2011-01-07 2011-02-12
7.2
None Local Low Not required Complete Complete Complete
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
6 CVE-2010-0731 119 Overflow Bypass 2010-03-26 2010-09-09
7.5
None Remote Low Not required Partial Partial Partial
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
7 CVE-2010-0296 20 DoS +Priv 2010-06-01 2011-10-25
7.2
None Local Low Not required Complete Complete Complete
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
8 CVE-2010-0015 255 +Info 2010-01-14 2010-06-17
7.5
None Remote Low Not required Partial Partial Partial
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.
9 CVE-2009-4128 287 Bypass 2009-12-01 2009-12-02
7.2
None Local Low Not required Complete Complete Complete
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
10 CVE-2009-2730 310 2009-08-12 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
11 CVE-2009-1416 310 2009-04-30 2009-06-10
7.5
User Remote Low Not required Partial Partial Partial
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
12 CVE-2008-5659 310 2008-12-17 2009-01-06
7.5
User Remote Low Not required Partial Partial Partial
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
13 CVE-2008-4475 59 2008-10-07 2008-11-11
7.2
None Local Low Not required Complete Complete Complete
ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
14 CVE-2008-3863 119 Exec Code Overflow 2008-10-23 2012-11-05
7.6
None Remote High Not required Complete Complete Complete
Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.
15 CVE-2008-2377 119 DoS Exec Code Overflow 2008-08-08 2009-06-19
7.6
None Remote High Not required Complete Complete Complete
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
16 CVE-2008-1688 Exec Code 2008-04-09 2009-04-01
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
17 CVE-2008-1687 2008-04-09 2009-03-18
7.5
User Remote Low Not required Partial Partial Partial
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.
18 CVE-2008-1367 399 Mem. Corr. 2008-03-17 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
19 CVE-2007-4476 119 Overflow 2007-09-04 2011-07-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
20 CVE-2007-3048 2007-06-05 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue.
21 CVE-2007-2833 DoS 2007-06-21 2008-09-05
7.8
None Remote Low Not required None None Complete
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
22 CVE-2007-2162 DoS 2007-04-22 2008-09-05
7.8
None Remote Low Not required None None Complete
(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
23 CVE-2006-2362 DoS Exec Code Overflow 2006-05-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
24 CVE-2006-2191 Exec Code 2006-09-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable."
25 CVE-2006-0075 Exec Code 2006-01-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.
26 CVE-2005-4808 Overflow 2005-12-31 2008-09-17
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.
27 CVE-2005-4807 119 Exec Code Overflow 2005-12-31 2011-08-02
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.
28 CVE-2005-4153 DoS Overflow 2005-12-10 2010-08-21
7.8
None Remote Low Not required None None Complete
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
29 CVE-2005-2878 Exec Code 2005-09-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
30 CVE-2005-2096 DoS Overflow 2005-07-06 2012-10-30
7.5
User Remote Low Not required Partial Partial Partial
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
31 CVE-2005-1824 Sql 2005-06-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
32 CVE-2005-1705 Exec Code 2005-05-24 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
33 CVE-2005-1523 Exec Code 2005-05-26 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.
34 CVE-2005-1521 Exec Code Overflow 2005-05-26 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.
35 CVE-2005-1520 Exec Code Overflow 2005-05-26 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.
36 CVE-2005-0100 Exec Code 2005-02-07 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
37 CVE-2004-2531 DoS 2004-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
38 CVE-2004-2461 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.
39 CVE-2004-1773 Exec Code Overflow 2004-12-31 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
40 CVE-2004-1485 Exec Code Overflow 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function.
41 CVE-2004-1337 +Priv 2004-12-23 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
42 CVE-2004-1185 Exec Code 2005-01-21 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
43 CVE-2004-1143 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
44 CVE-2004-0984 +Priv 2004-12-31 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.
45 CVE-2004-0555 Exec Code Overflow 2004-12-31 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code.
46 CVE-2004-0548 Exec Code Overflow 2004-08-06 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
47 CVE-2003-0978 DoS Exec Code 2004-01-05 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
48 CVE-2003-0849 Exec Code Overflow 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
49 CVE-2003-0826 Exec Code Overflow 2003-10-06 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.
50 CVE-2003-0107 DoS Exec Code Overflow 2003-03-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
Total number of vulnerabilities : 74   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.