GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
Max CVSS
10.0
EPSS Score
0.56%
Published
2000-12-19
Updated
2021-05-10
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
Max CVSS
10.0
EPSS Score
0.30%
Published
2000-12-19
Updated
2017-10-10
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
Max CVSS
10.0
EPSS Score
12.74%
Published
2003-05-27
Updated
2018-05-03
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
Max CVSS
10.0
EPSS Score
0.28%
Published
2003-12-15
Updated
2016-10-18
Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.
Max CVSS
10.0
EPSS Score
3.90%
Published
2004-11-23
Updated
2017-07-11
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
Max CVSS
10.0
EPSS Score
9.39%
Published
2004-11-23
Updated
2017-07-11
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
Max CVSS
10.0
EPSS Score
0.50%
Published
2004-12-06
Updated
2017-07-11
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.
Max CVSS
10.0
EPSS Score
2.69%
Published
2004-12-06
Updated
2017-07-11
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
Max CVSS
10.0
EPSS Score
3.41%
Published
2005-01-10
Updated
2018-10-19
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
Max CVSS
10.0
EPSS Score
13.31%
Published
2004-08-09
Updated
2017-07-11
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
Max CVSS
10.0
EPSS Score
0.63%
Published
2005-08-10
Updated
2021-06-18
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
46.34%
Published
2006-11-28
Updated
2017-07-20
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
Max CVSS
10.0
EPSS Score
6.08%
Published
2006-12-07
Updated
2018-10-17
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
Max CVSS
10.0
EPSS Score
9.58%
Published
2007-05-04
Updated
2017-07-29
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
Max CVSS
10.0
EPSS Score
1.01%
Published
2007-12-07
Updated
2018-10-03
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
Max CVSS
10.0
EPSS Score
8.41%
Published
2008-05-21
Updated
2018-10-11

CVE-2011-4862

Public exploit
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Max CVSS
10.0
EPSS Score
97.19%
Published
2011-12-25
Updated
2021-02-09

CVE-2014-6271

Known exploited
Public exploit
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Max CVSS
10.0
EPSS Score
97.56%
Published
2014-09-24
Updated
2021-11-17
CISA KEV Added
2022-01-28
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
Max CVSS
10.0
EPSS Score
97.31%
Published
2014-09-27
Updated
2018-08-09

CVE-2014-6278

Public exploit
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
Max CVSS
10.0
EPSS Score
97.35%
Published
2014-09-30
Updated
2021-11-17

CVE-2014-7169

Known exploited
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
Max CVSS
10.0
EPSS Score
97.35%
Published
2014-09-25
Updated
2021-11-17
CISA KEV Added
2022-01-28
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
Max CVSS
10.0
EPSS Score
97.51%
Published
2014-09-28
Updated
2018-10-09
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
Max CVSS
10.0
EPSS Score
97.37%
Published
2014-09-28
Updated
2018-10-09
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
Max CVSS
10.0
EPSS Score
0.91%
Published
2015-04-14
Updated
2018-10-30

CVE-2015-0235

Public exploit
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Max CVSS
10.0
EPSS Score
97.52%
Published
2015-01-28
Updated
2022-07-05
96 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!