Vulnerabilities > GNU
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-12 | CVE-2007-5377 | Link Following vulnerability in GNU Tramp 2.1.10: The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allow local users to overwrite arbitrary files via a symlink attack on temporary files. | 6.9 |
2007-09-05 | CVE-2007-4476 | Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | 7.5 |
2007-08-25 | CVE-2007-4131 | Remote Directory Traversal vulnerability in GNU Tar Dot_Dot Function: Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. | 6.8 |
2007-06-21 | CVE-2007-2833 | Remote Denial of Service vulnerability in GNU Emacs Image Processing: Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | 7.8 |
2007-06-04 | CVE-2007-2452 | Local Buffer Overflow vulnerability in GNU Locate Old Format Locate Database: Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036. | 6.0 |
2007-05-22 | CVE-2007-2808 | Cross-Site Scripting vulnerability in GNU GNATS Gnatsweb.PL: Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter. | 4.3 |
2007-05-04 | CVE-2007-2500 | Remote Code Execution vulnerability in GNU Flash Player 0.7.2: server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow. | 10.0 |
2007-04-22 | CVE-2007-2162 | Denial-Of-Service vulnerability in Iceweasel: (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | 7.8 |
2007-03-07 | CVE-2006-7151 | Unspecified vulnerability in GNU Libtool-Ltdl 1.5.222.3: Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories. | 6.6 |
2007-03-06 | CVE-2007-1269 | Unspecified vulnerability in GNU Gnumail 1.1.2: GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 5.0 |