Vulnerabilities > GNU
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-10-06 | CVE-2003-0826 | Unspecified vulnerability in GNU LSH 1.4/1.4.1/1.4.2 lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack. | 7.5 |
2003-07-02 | CVE-2003-0367 | Improper Input Validation vulnerability in multiple products znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
2003-05-27 | CVE-2003-0255 | Unspecified vulnerability in GNU Privacy Guard The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. | 10.0 |
2003-03-25 | CVE-2003-0028 | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | 7.5 |
2003-02-07 | CVE-2003-0038 | Cross-Site Scripting vulnerability in GNU Mailman 2.1 Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. network gnu | 4.3 |
2002-12-31 | CVE-2002-2099 | Local Security vulnerability in GNU Data Display Debugger 3.3.1 Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. | 7.2 |
2002-12-18 | CVE-2002-1344 | Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. | 5.0 |
2002-11-12 | CVE-2002-1265 | Denial Of Service vulnerability in Multiple Vendor Sun RPC LibC TCP Time-Out The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). | 5.0 |
2002-10-28 | CVE-2002-1216 | Remote Security vulnerability in tar GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. | 5.0 |
2002-10-11 | CVE-2002-1146 | Unspecified vulnerability in GNU Glibc The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). | 5.0 |