Vulnerabilities
Vulnerable Software
Gnu:  Security Vulnerabilities
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
CVSS Score
10.0
EPSS Score
0.031
Published
2004-12-06
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.
CVSS Score
10.0
EPSS Score
0.045
Published
2004-12-06
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.
CVSS Score
2.1
EPSS Score
0.003
Published
2004-11-23
Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.
CVSS Score
10.0
EPSS Score
0.047
Published
2004-11-23
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
CVSS Score
10.0
EPSS Score
0.156
Published
2004-11-23
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
CVSS Score
5.0
EPSS Score
0.024
Published
2004-10-20
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
CVSS Score
2.1
EPSS Score
0.006
Published
2004-10-04
Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.
CVSS Score
5.0
EPSS Score
0.03
Published
2004-08-18
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
CVSS Score
10.0
EPSS Score
0.195
Published
2004-08-09
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
CVSS Score
5.0
EPSS Score
0.024
Published
2004-08-09


Contact Us

Shodan ® - All rights reserved