Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-08 | CVE-2008-2377 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Gnutls Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle. | 7.6 |
| 2008-07-28 | CVE-2008-1946 | Permissions, Privileges, and Access Controls vulnerability in GNU Coreutils 5.2.1 The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. | 4.4 |
| 2008-05-12 | CVE-2008-2142 | Unspecified vulnerability in GNU Emacs and Xemacs Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. network gnu | 6.8 |
| 2008-04-22 | CVE-2008-1694 | Link Following vulnerability in GNU Emacs and Sccs vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 |
| 2008-04-09 | CVE-2008-1688 | Unspecified vulnerability in GNU M4 Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. | 7.5 |
| 2008-04-09 | CVE-2008-1687 | Unspecified vulnerability in GNU M4 The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. | 7.5 |
| 2008-01-03 | CVE-2007-6613 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Libcdio Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name. | 5.0 |
| 2007-12-07 | CVE-2007-6109 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Emacs Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line. | 10.0 |
| 2007-11-26 | CVE-2007-6130 | Improper Authentication vulnerability in GNU Gnump3D 2.9 gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | 5.0 |
| 2007-11-02 | CVE-2007-5795 | Local Variable Handling Code Execution vulnerability in GNU Emacs The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | 6.3 |