Gnu: Security Vulnerabilities
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
CVSS Score
7.5
EPSS Score
0.111
Published
2001-08-14
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
CVSS Score
1.2
EPSS Score
0.002
Published
2001-08-07
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
CVSS Score
7.5
EPSS Score
0.212
Published
2001-07-26
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
CVSS Score
2.1
EPSS Score
0.001
Published
2001-07-12
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
CVSS Score
10.0
EPSS Score
0.012
Published
2001-05-03
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
CVSS Score
4.6
EPSS Score
0.001
Published
2001-05-03
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
CVSS Score
2.1
EPSS Score
0.001
Published
2001-02-12
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
CVSS Score
5.0
EPSS Score
0.01
Published
2001-02-12
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
CVSS Score
4.6
EPSS Score
0.001
Published
2001-01-09
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
CVSS Score
10.0
EPSS Score
0.008
Published
2000-12-19