Vulnerabilities > GNU
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-15 | CVE-2010-0624 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Cpio and TAR Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. | 6.8 |
2010-01-29 | CVE-2009-2624 | Improper Input Validation vulnerability in GNU Gzip The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. | 6.8 |
2010-01-14 | CVE-2010-0015 | Credentials Management vulnerability in GNU Glibc 2.10.2/2.7 nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. | 7.5 |
2010-01-14 | CVE-2010-0002 | Improper Input Validation vulnerability in GNU Bash The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename. | 2.1 |
2009-12-20 | CVE-2009-4029 | Race Condition vulnerability in GNU Automake 1.10.3/1.11.1/Branch The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. | 4.4 |
2009-11-29 | CVE-2009-3736 | Local Privilege Escalation vulnerability in GNU Libtool 'libltdl' Library Search Path ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. local gnu | 6.9 |
2009-09-30 | CVE-2009-3490 | Cryptographic Issues vulnerability in GNU Wget GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.8 |
2009-08-12 | CVE-2009-2730 | Cryptographic Issues vulnerability in GNU Gnutls libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 7.5 |
2009-06-16 | CVE-2009-1390 | Improper Authentication vulnerability in Mutt 1.5.19 Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | 6.8 |
2009-04-30 | CVE-2009-1417 | Cryptographic Issues vulnerability in GNU Gnutls gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. | 5.0 |