Vulnerabilities
Vulnerable Software
Gnu:  Security Vulnerabilities
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
CVSS Score
1.2
EPSS Score
0.003
Published
2001-08-07
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
CVSS Score
7.5
EPSS Score
0.114
Published
2001-07-26
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
CVSS Score
2.1
EPSS Score
0.011
Published
2001-07-12
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
CVSS Score
10.0
EPSS Score
0.055
Published
2001-05-03
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
CVSS Score
4.6
EPSS Score
0.003
Published
2001-05-03
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
CVSS Score
2.1
EPSS Score
0.004
Published
2001-02-12
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
CVSS Score
5.0
EPSS Score
0.02
Published
2001-02-12
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
CVSS Score
4.6
EPSS Score
0.004
Published
2001-01-09
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
CVSS Score
10.0
EPSS Score
0.023
Published
2000-12-19
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
CVSS Score
10.0
EPSS Score
0.025
Published
2000-12-19


Contact Us

Shodan ® - All rights reserved