Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name.
Max CVSS
5.0
EPSS Score
1.64%
Published
2008-01-03
Updated
2017-08-08
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
Max CVSS
7.5
EPSS Score
1.50%
Published
2008-03-17
Updated
2017-09-29
gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)
Max CVSS
6.8
EPSS Score
0.19%
Published
2008-04-06
Updated
2024-03-21
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.
Max CVSS
7.5
EPSS Score
1.37%
Published
2008-04-09
Updated
2017-08-08
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
Max CVSS
7.5
EPSS Score
2.10%
Published
2008-04-09
Updated
2017-08-08
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Max CVSS
4.6
EPSS Score
0.04%
Published
2008-04-22
Updated
2018-10-03
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
Max CVSS
4.4
EPSS Score
0.04%
Published
2008-07-28
Updated
2017-09-29
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
Max CVSS
10.0
EPSS Score
8.41%
Published
2008-05-21
Updated
2018-10-11
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
Max CVSS
9.3
EPSS Score
5.13%
Published
2008-05-21
Updated
2018-10-11
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
Max CVSS
5.0
EPSS Score
6.26%
Published
2008-05-21
Updated
2018-10-11
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
Max CVSS
6.8
EPSS Score
0.38%
Published
2008-05-12
Updated
2018-10-11
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
Max CVSS
7.6
EPSS Score
2.61%
Published
2008-08-08
Updated
2017-08-08
Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.
Max CVSS
7.6
EPSS Score
29.20%
Published
2008-10-23
Updated
2018-10-11
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Max CVSS
2.1
EPSS Score
0.04%
Published
2008-09-03
Updated
2018-10-11
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
Max CVSS
9.3
EPSS Score
0.46%
Published
2008-09-04
Updated
2018-10-11
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.
Max CVSS
6.4
EPSS Score
1.05%
Published
2008-09-18
Updated
2023-02-13
ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-10-07
Updated
2017-08-08
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
Max CVSS
5.9
EPSS Score
0.19%
Published
2008-11-13
Updated
2024-02-09
Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.
Max CVSS
6.8
EPSS Score
11.09%
Published
2008-12-19
Updated
2017-09-29
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
Max CVSS
7.5
EPSS Score
0.33%
Published
2008-12-17
Updated
2017-08-08
20 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!