Gnu: Security Vulnerabilities
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
CVSS Score
2.1
EPSS Score
0.001
Published
2000-04-18
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
CVSS Score
3.6
EPSS Score
0.001
Published
2000-04-18
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
CVSS Score
4.6
EPSS Score
0.001
Published
2000-04-18
GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.
CVSS Score
6.2
EPSS Score
0.001
Published
2000-02-01
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.
CVSS Score
4.6
EPSS Score
0.001
Published
1999-08-05
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
CVSS Score
7.2
EPSS Score
0.001
Published
1999-07-21
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
CVSS Score
4.6
EPSS Score
0.003
Published
1999-04-20
wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.
CVSS Score
5.0
EPSS Score
0.005
Published
1999-01-02
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
CVSS Score
7.5
EPSS Score
0.005
Published
1997-12-10
Land IP denial of service.
CVSS Score
5.0
EPSS Score
0.788
Published
1997-12-01