CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

GNU : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-3468 189 2014-06-05 2014-08-01
6.8
None Remote Medium Not required Partial Partial Partial
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
2 CVE-2014-3466 119 DoS Exec Code Overflow Mem. Corr. 2014-06-03 2014-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
3 CVE-2014-0475 22 Dir. Trav. Bypass 2014-07-29 2014-10-04
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
4 CVE-2014-0466 Exec Code 2014-04-03 2014-04-03
6.8
None Remote Medium Not required Partial Partial Partial
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
5 CVE-2013-7038 119 DoS Overflow +Info 2013-12-13 2014-02-21
6.4
None Remote Low Not required Partial None Partial
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.
6 CVE-2013-4237 119 DoS Exec Code Overflow 2013-10-09 2013-12-13
6.8
None Remote Medium Not required Partial Partial Partial
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
7 CVE-2012-3479 Exec Code 2012-08-25 2013-12-13
6.8
None Remote Medium Not required Partial Partial Partial
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.
8 CVE-2012-3406 264 DoS Exec Code Bypass 2014-02-10 2014-02-10
6.8
None Remote Medium Not required Partial Partial Partial
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
9 CVE-2012-1175 189 DoS Exec Code Overflow 2012-08-26 2012-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow.
10 CVE-2012-0864 189 Overflow Bypass 2013-05-02 2013-05-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
11 CVE-2011-4355 264 +Priv 2013-03-05 2013-03-06
6.9
None Local Medium Not required Complete Complete Complete
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.
12 CVE-2011-1178 189 DoS Exec Code Overflow 2011-06-06 2013-05-14
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.
13 CVE-2011-1095 264 +Priv 2011-04-09 2012-01-26
6.2
None Local High Not required Complete Complete Complete
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
14 CVE-2011-0536 +Priv 2011-04-08 2012-01-26
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
15 CVE-2010-4542 119 DoS Exec Code Overflow 2011-01-07 2014-02-11
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.
16 CVE-2010-4540 119 DoS Exec Code Overflow 2011-01-07 2014-02-11
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.
17 CVE-2010-3847 59 +Priv 2011-01-07 2011-03-07
6.9
None Local Medium Not required Complete Complete Complete
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
18 CVE-2010-2252 20 Exec Code 2010-07-06 2014-03-07
6.8
None Remote Medium Not required Partial Partial Partial
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
19 CVE-2010-0624 119 DoS Exec Code Overflow Mem. Corr. 2010-03-15 2012-02-01
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
20 CVE-2010-0001 189 DoS Exec Code 2010-01-29 2011-10-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
21 CVE-2009-5078 2011-06-30 2011-06-30
6.4
None Remote Low Not required None Partial Partial
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
22 CVE-2009-5064 264 +Priv 2011-03-30 2012-01-18
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."
23 CVE-2009-5029 189 DoS Exec Code Overflow 2013-05-02 2013-05-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
24 CVE-2009-3736 +Priv 2009-11-29 2013-11-24
6.9
None Local Medium Not required Complete Complete Complete
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
25 CVE-2009-3490 310 2009-09-30 2010-08-21
6.8
None Remote Medium Not required Partial Partial Partial
GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
26 CVE-2009-2624 20 DoS Exec Code 2010-01-29 2010-11-18
6.8
None Remote Medium Not required Partial Partial Partial
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.
27 CVE-2008-5078 119 Exec Code Overflow 2008-12-19 2010-08-21
6.8
User Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.
28 CVE-2008-4100 16 1 2008-09-18 2008-09-19
6.4
None Remote Low Not required None Partial Partial
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.
29 CVE-2008-2142 Exec Code 2008-05-12 2009-02-26
6.8
None Remote Medium Not required Partial Partial Partial
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
30 CVE-2008-1685 119 Overflow 2008-04-06 2012-10-29
6.8
User Remote Medium Not required Partial Partial Partial
** DISPUTED ** gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999).
31 CVE-2007-5795 Bypass 2007-11-02 2008-11-15
6.3
None Local Medium Not required None Complete Complete
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
32 CVE-2007-5377 59 2007-10-11 2008-11-15
6.9
None Local Medium Not required Complete Complete Complete
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
33 CVE-2007-4131 Dir. Trav. 2007-08-24 2010-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
34 CVE-2007-2452 Exec Code Overflow 2007-06-04 2010-07-20
6.0
User Remote Medium Single system Partial Partial Partial
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
35 CVE-2006-7151 Exec Code 2007-03-07 2008-09-05
6.6
Admin Local Medium Single system Complete Complete Complete
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.
36 CVE-2006-3636 XSS 2006-09-05 2010-09-15
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
37 CVE-2005-3355 22 Dir. Trav. 2005-11-18 2011-10-18
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
38 CVE-2004-2264 DoS Exec Code 2004-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
** DISPUTED ** Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed.
39 CVE-2003-0965 XSS 2004-02-17 2008-09-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
40 CVE-2000-0151 Exec Code 2000-02-01 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.
Total number of vulnerabilities : 40   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.