Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-09-06 | CVE-2006-3636 | Multiple Security vulnerability in GNU Mailman Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. network gnu | 6.8 |
| 2006-09-06 | CVE-2006-2941 | Multiple Security vulnerability in GNU Mailman Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". | 5.0 |
| 2006-08-31 | CVE-2006-4146 | Buffer Errors vulnerability in GNU GDB 6.5 Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. | 5.1 |
| 2006-04-20 | CVE-2006-1902 | Buffer Errors vulnerability in GNU GCC 4.1 fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." | 2.1 |
| 2006-03-31 | CVE-2006-0052 | Denial Of Service vulnerability in GNU Mailman Attachment Scrubber Malformed MIME Message The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. | 5.0 |
| 2006-03-13 | CVE-2006-0049 | Unspecified vulnerability in GNU Privacy Guard gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. | 5.0 |
| 2006-02-24 | CVE-2006-0300 | Buffer Overflow vulnerability in GNU Tar Invalid Headers Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. | 5.1 |
| 2006-01-22 | CVE-2006-0353 | Information Exposure vulnerability in GNU LSH 2.0.1 unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys. | 3.6 |
| 2006-01-04 | CVE-2006-0075 | Unspecified vulnerability in GNU PHPbook Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file. | 7.5 |
| 2005-12-31 | CVE-2005-4808 | Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. | 7.6 |