Vulnerabilities (CVE)

Vendor filter

Gnu Subscribe

Filter

88 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-10846 3 Gnu, Debian, Redhat 6 Gnutls, Debian Linux, Enterprise Linux Desktop and 3 more 2019-10-03 1.9
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover...
CVE-2018-20482 3 Gnu, Debian, Opensuse 3 Tar, Debian Linux, Leap 2019-10-03 1.9
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be...
CVE-2018-10754 1 Gnu 1 Ncurses 2019-08-30 2.1
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2018-16868 1 Gnu 1 Gnutls 2019-05-30 3.3
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use...
CVE-2003-0367 5 Turbolinux, Openpkg, Mandrakesoft and 2 more 9 Mandrake Multi Network Firewall, Turbolinux Advanced Server, Mandrake Linux Corporate Server and 6 more 2019-05-23 2.1
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2018-0618 2 Gnu, Debian 2 Mailman, Debian Linux 2019-04-22 3.5
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0222 4 Gnu, Novell, Redhat and 1 more 4 Coreutils, Enterprise Linux, Opensuse and 1 more 2019-04-22 2.1
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.
CVE-2013-0223 4 Gnu, Novell, Redhat and 1 more 4 Coreutils, Enterprise Linux, Opensuse and 1 more 2019-04-22 1.9
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer...
CVE-2006-7254 1 Gnu 1 Glibc 2019-04-11 2.1
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.
CVE-2018-20483 1 Gnu 1 Wget 2019-04-09 2.1
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g.,...
CVE-2016-9401 1 Gnu 1 Bash 2019-03-25 2.1
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
CVE-2019-7309 1 Gnu 1 Glibc 2019-02-27 2.1
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
CVE-2015-4156 3 Gnu, Novell, Opensuse 3 Parallel, Opensuse, Opensuse 2018-10-30 3.6
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2015-1345 3 Gnu, Novell, Opensuse 3 Grep, Opensuse, Opensuse 2018-10-30 2.1
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
CVE-2014-2524 5 Fedoraproject, Mageia, Gnu and 2 more 5 Readline, Fedora, Mageia and 2 more 2018-10-30 3.3
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
CVE-2005-3011 1 Gnu 1 Texinfo 2018-10-19 1.2
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-1918 2 Gnu, Redhat 4 Enterprise Linux Desktop, Enterprise Linux, Tar and 1 more 2018-10-19 2.6
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file,...
CVE-2006-1902 1 Gnu 1 Gcc 2018-10-18 2.1
fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer...
CVE-2006-4624 1 Gnu 1 Mailman 2018-10-17 2.6
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
CVE-2008-3896 1 Gnu 1 Grub Legacy 2018-10-11 2.1
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory...