gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
Max CVSS
5.0
EPSS Score
0.64%
Published
2007-11-26
Updated
2011-03-08
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
Max CVSS
10.0
EPSS Score
1.01%
Published
2007-12-07
Updated
2018-10-03
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
Max CVSS
6.3
EPSS Score
0.09%
Published
2007-11-02
Updated
2017-07-29
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-10-12
Updated
2011-03-08
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Max CVSS
7.5
EPSS Score
0.63%
Published
2007-09-05
Updated
2021-05-17
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Max CVSS
6.8
EPSS Score
2.41%
Published
2007-08-25
Updated
2018-10-15
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
Max CVSS
4.3
EPSS Score
2.05%
Published
2007-08-27
Updated
2023-02-13
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-06-05
Updated
2024-03-21
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
Max CVSS
7.8
EPSS Score
4.41%
Published
2007-06-21
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.
Max CVSS
4.3
EPSS Score
0.62%
Published
2007-05-22
Updated
2017-07-29
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
Max CVSS
10.0
EPSS Score
9.58%
Published
2007-05-04
Updated
2017-07-29
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
Max CVSS
6.0
EPSS Score
0.70%
Published
2007-06-04
Updated
2018-10-16
(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
Max CVSS
7.8
EPSS Score
0.67%
Published
2007-04-22
Updated
2018-10-16
GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
Max CVSS
5.0
EPSS Score
5.68%
Published
2007-03-06
Updated
2018-10-16
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
Max CVSS
5.0
EPSS Score
27.44%
Published
2007-03-06
Updated
2018-10-16
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.
Max CVSS
6.6
EPSS Score
0.04%
Published
2007-03-07
Updated
2018-10-16
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
Max CVSS
4.6
EPSS Score
0.04%
Published
2007-01-17
Updated
2017-07-29
17 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!