| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-20483 |
255 |
|
+Info |
2018-12-26 |
2019-04-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl. |
|
2 |
CVE-2017-1000455 |
346 |
|
|
2018-01-02 |
2018-01-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix. |
|
3 |
CVE-2017-1000383 |
200 |
|
+Info |
2017-10-31 |
2017-11-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. |
|
4 |
CVE-2017-11671 |
338 |
|
|
2017-07-26 |
2018-04-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. |
|
5 |
CVE-2016-9401 |
416 |
|
Bypass |
2017-01-23 |
2019-03-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. |
|
6 |
CVE-2016-2781 |
20 |
|
|
2017-02-07 |
2017-02-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. |
|
7 |
CVE-2015-8777 |
254 |
|
Bypass |
2016-01-20 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
|
8 |
CVE-2015-1345 |
119 |
|
DoS Overflow |
2015-02-12 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. |
|
9 |
CVE-2013-4577 |
264 |
|
|
2014-05-12 |
2014-05-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file. |
|
10 |
CVE-2013-2207 |
264 |
|
|
2013-10-09 |
2017-06-30 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
|
11 |
CVE-2013-0222 |
119 |
|
DoS Overflow |
2013-11-23 |
2019-04-22 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function. |
|
12 |
CVE-2011-5320 |
119 |
|
DoS Overflow |
2017-10-18 |
2017-11-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s. |
|
13 |
CVE-2010-0002 |
20 |
|
|
2010-01-14 |
2011-08-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename. |
|
14 |
CVE-2008-3896 |
200 |
|
+Info |
2008-09-03 |
2018-10-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. |
|
15 |
CVE-2006-7254 |
19 |
|
DoS |
2019-04-10 |
2019-04-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. |
|
16 |
CVE-2006-4624 |
94 |
|
|
2006-09-07 |
2018-10-17 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI. |
|
17 |
CVE-2006-4573 |
|
|
DoS |
2006-10-24 |
2010-09-15 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. |
|
18 |
CVE-2006-1902 |
119 |
|
Overflow |
2006-04-20 |
2018-10-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." |
|
19 |
CVE-2006-1712 |
|
|
XSS |
2006-04-11 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. |
|
20 |
CVE-2005-3137 |
|
|
|
2005-10-05 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960. |
|
21 |
CVE-2005-2960 |
|
|
|
2005-10-05 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. |
|
22 |
CVE-2005-2180 |
|
|
|
2005-07-11 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. |
|
23 |
CVE-2005-1918 |
22 |
|
Dir. Trav. |
2005-12-31 |
2018-10-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". |
|
24 |
CVE-2005-0990 |
|
|
|
2005-05-02 |
2018-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file. |
|
25 |
CVE-2004-2459 |
|
|
|
2004-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table. |
|
26 |
CVE-2004-2014 |
|
|
|
2004-12-31 |
2018-10-03 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. |
|
27 |
CVE-2004-1453 |
|
|
|
2004-12-31 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. |
|
28 |
CVE-2004-1382 |
|
|
|
2004-12-31 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. |
|
29 |
CVE-2004-1377 |
|
|
|
2004-12-27 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files. |
|
30 |
CVE-2004-1296 |
|
|
|
2004-12-31 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files. |
|
31 |
CVE-2004-0970 |
|
|
|
2005-02-09 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. |
|
32 |
CVE-2004-0969 |
|
|
|
2005-02-09 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. |
|
33 |
CVE-2004-0968 |
|
|
|
2005-02-09 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. |
|
34 |
CVE-2004-0966 |
|
|
|
2005-02-09 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files. |
|
35 |
CVE-2004-0797 |
|
|
DoS |
2004-10-20 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash). |
|
36 |
CVE-2004-0422 |
|
|
|
2004-07-07 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack. |
|
37 |
CVE-2004-0256 |
|
|
|
2004-11-23 |
2018-05-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp. |
|
38 |
CVE-2003-0858 |
399 |
|
DoS |
2003-12-15 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. |
|
39 |
CVE-2003-0854 |
|
|
|
2003-11-17 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. |
|
40 |
CVE-2003-0367 |
20 |
|
|
2003-07-02 |
2019-05-23 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
|
41 |
CVE-2002-0389 |
|
|
|
2002-06-18 |
2016-12-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives. |
|
42 |
CVE-2001-1593 |
59 |
|
|
2014-04-05 |
2014-04-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. |
|
43 |
CVE-2001-1267 |
|
|
Dir. Trav. |
2001-07-12 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). |
|
44 |
CVE-2001-0071 |
|
|
|
2001-02-12 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection. |
|
45 |
CVE-2000-0269 |
|
|
|
2000-04-18 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess. |
