Vulnerabilities > GNU
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2002-10-10 | CVE-2002-0399 | Unspecified vulnerability in GNU TAR 1.13.25 | Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. | 5.0 |
2002-09-05 | CVE-2002-0855 | Cross-Site Scripting vulnerability in GNU Mailman 2.0.12 | Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. | 7.5 |
2002-08-12 | CVE-2002-0684 | Remote Security vulnerability in glibc | Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. | 7.5 |
2002-07-26 | CVE-2002-0435 | Unspecified vulnerability in GNU Fileutils 4.0/4.1/4.1.6 | Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system. | 1.2 |
2002-06-18 | CVE-2002-0389 | Unspecified vulnerability in GNU Mailman | Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives. | 2.1 |
2002-06-18 | CVE-2002-0388 | HTML Injection vulnerability in GNU Mailman Pipermail Index Summary | Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. | 7.5 |
2002-05-29 | CVE-2002-0178 | Symbolic Link Attack vulnerability in GNU Sharutils 4.2 | uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. | 7.2 |
2002-05-16 | CVE-2002-0204 | Buffer Overflow vulnerability in GNU Chess 5.02 | Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command. | 7.5 |
2002-04-23 | CVE-2002-1602 | Buffer Overflow vulnerability in GNU Screen Braille Module | Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code. | 4.6 |
2002-03-04 | CVE-2001-1377 | Denial Of Service vulnerability in Multiple Vendor Radius Short Vendor-Length Field | Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2. Tags: network, low complexity; freeradius, gnu, icradius, livingston, lucent, miquel-van-smoorenburg-cistron, openradius, radiusclient, xtradius, yard-radius, yard-radius-project. | 5.0 |