GNU : Security Vulnerabilities, CVEs, Published In May 2007
Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.
Max CVSS
4.3
EPSS Score
0.62%
Published
2007-05-22
Updated
2017-07-29
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
Max CVSS
10.0
EPSS Score
9.58%
Published
2007-05-04
Updated
2017-07-29
2 vulnerabilities found