Vulnerabilities > GNU
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-01-05 | CVE-2003-0978 | Unspecified vulnerability in GNU Privacy Guard Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval. | 7.5 |
2003-12-31 | CVE-2003-1232 | Local Variable Arbitrary Command Execution vulnerability in GNU Emacs 21.2.1 Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. | 5.1 |
2003-12-15 | CVE-2003-0972 | Unspecified vulnerability in GNU Screen Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow. | 10.0 |
2003-12-15 | CVE-2003-0971 | Unspecified vulnerability in GNU Privacy Guard GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. | 5.0 |
2003-12-15 | CVE-2003-0859 | The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | 4.9 |
2003-12-15 | CVE-2003-0858 | Resource Management Errors vulnerability in multiple products Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | 2.1 |
2003-12-15 | CVE-2003-0795 | Improper Input Validation vulnerability in multiple products The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. | 5.0 |
2003-11-17 | CVE-2003-0854 | ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. | 2.1 |
2003-11-17 | CVE-2003-0853 | Integer Overflow vulnerability in Coreutils LS Width Argument An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. | 5.0 |
2003-11-17 | CVE-2003-0849 | Remote Security vulnerability in Cfengine Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. | 7.5 |