Vulnerabilities
Vulnerable Software
Gnu:  Security Vulnerabilities
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
CVSS Score
2.6
EPSS Score
0.01
Published
2004-12-31
Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed
CVSS Score
6.4
EPSS Score
0.02
Published
2004-12-31
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.
CVSS Score
2.1
EPSS Score
0.006
Published
2004-12-31
Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list.
CVSS Score
5.0
EPSS Score
0.016
Published
2004-12-31
Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.
CVSS Score
7.5
EPSS Score
0.025
Published
2004-12-31
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
CVSS Score
7.8
EPSS Score
0.017
Published
2004-12-31
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
CVSS Score
2.1
EPSS Score
0.004
Published
2004-12-27
Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
CVSS Score
5.0
EPSS Score
0.016
Published
2004-12-23
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
CVSS Score
7.2
EPSS Score
0.004
Published
2004-12-23
The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.
CVSS Score
5.0
EPSS Score
0.016
Published
2004-12-06


Contact Us

Shodan ® - All rights reserved