Vulnerabilities > GNU
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-31 | CVE-2005-4807 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. | 7.5 |
2005-12-31 | CVE-2005-1918 | Path Traversal vulnerability in multiple products The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | 2.6 |
2005-12-15 | CVE-2005-4268 | Buffer Errors vulnerability in GNU Cpio 2.68 Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits. | 3.7 |
2005-12-11 | CVE-2005-4153 | Denial Of Service vulnerability in GNU Mailman 2.1.4/2.1.5/2.1.6 Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. | 7.8 |
2005-11-18 | CVE-2005-3355 | Path Traversal vulnerability in GNU Gnump3D Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". | 6.4 |
2005-11-18 | CVE-2005-3349 | Link Following vulnerability in GNU Gnump3D GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. | 1.9 |
2005-11-16 | CVE-2005-3573 | Denial Of Service vulnerability in GNU Mailman Attachment Scrubber UTF8 Filename Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | 5.0 |
2005-11-01 | CVE-2005-3425 | Cross-Site Scripting vulnerability in GNU gnump3d Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. network gnu | 4.3 |
2005-11-01 | CVE-2005-3424 | Cross-Site Scripting vulnerability in GNU gnump3d Error Page Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. network gnu | 4.3 |
2005-10-30 | CVE-2005-3123 | Directory Traversal vulnerability in GNU gnump3d Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. | 5.0 |