Vulnerabilities > GNU
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2000-11-14 | CVE-2000-0824 | Unspecified vulnerability in GNU Glibc 2.1.1 The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH. | 7.2 |
2000-11-01 | CVE-2000-1219 | Unspecified vulnerability in GNU G++ and GCC The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. | 7.5 |
2000-10-20 | CVE-2000-0786 | Unspecified vulnerability in GNU Userv 1.0.0 GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions. | 4.6 |
2000-05-03 | CVE-2000-0335 | The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. | 7.5 |
2000-02-01 | CVE-2000-0151 | Unspecified vulnerability in GNU Make 3.77.44 GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. | 6.2 |
1999-08-05 | CVE-1999-0719 | Unspecified vulnerability in GNU Gnumeric 0.27 The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code. | 4.6 |
1999-07-21 | CVE-1999-1165 | Unspecified vulnerability in GNU Fingerd 1.37 GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. | 7.2 |
1999-01-02 | CVE-1999-0402 | Unspecified vulnerability in GNU Wget 1.5.3 wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. | 5.0 |
1997-12-10 | CVE-1999-0017 | FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | 7.5 |
1997-12-01 | CVE-1999-0016 | Land IP denial of service. | 5.0 |