Vulnerabilities
Vulnerable Software
Gnu:  Security Vulnerabilities
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
CVSS Score
1.2
EPSS Score
0.003
Published
2000-12-19
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
CVSS Score
7.2
EPSS Score
0.007
Published
2000-12-19
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
CVSS Score
7.5
EPSS Score
0.03
Published
2000-12-19
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.
CVSS Score
7.2
EPSS Score
0.012
Published
2000-11-14
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
CVSS Score
7.2
EPSS Score
0.007
Published
2000-11-14
The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.
CVSS Score
7.5
EPSS Score
0.012
Published
2000-11-01
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
CVSS Score
4.6
EPSS Score
0.004
Published
2000-10-20
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
CVSS Score
4.6
EPSS Score
0.003
Published
2000-10-20
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
CVSS Score
7.5
EPSS Score
0.016
Published
2000-05-03
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
CVSS Score
2.1
EPSS Score
0.004
Published
2000-04-18


Contact Us

Shodan ® - All rights reserved