Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-30 | CVE-2009-1416 | Cryptographic Issues vulnerability in GNU Gnutls lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. | 7.5 |
| 2009-04-01 | CVE-2009-1215 | Race Condition vulnerability in GNU Screen 4.0.3 Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. | 1.9 |
| 2009-04-01 | CVE-2009-1214 | Permissions, Privileges, and Access Controls vulnerability in GNU Screen 4.0.3 GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. | 4.9 |
| 2008-12-19 | CVE-2008-5078 | Buffer Errors vulnerability in GNU Escript 1.6.1 Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename. | 6.8 |
| 2008-12-17 | CVE-2008-5659 | Cryptographic Issues vulnerability in GNU Classpath The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys. | 7.5 |
| 2008-11-13 | CVE-2008-4989 | Improper Certificate Validation vulnerability in multiple products The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | 5.9 |
| 2008-10-23 | CVE-2008-3863 | Buffer Errors vulnerability in GNU Enscript 1.6.1/1.6.4 Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command. | 7.6 |
| 2008-10-07 | CVE-2008-4475 | Link Following vulnerability in GNU Ibackup 2.27 ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 7.2 |
| 2008-09-04 | CVE-2008-3916 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU ED Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. | 9.3 |
| 2008-09-03 | CVE-2008-3896 | Information Exposure vulnerability in GNU Grub Legacy Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 2.1 |