Gnu: Security Vulnerabilities
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
CVSS Score
6.3
EPSS Score
0.011
Published
2007-11-02
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVSS Score
6.9
EPSS Score
0.0
Published
2007-10-12
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
CVSS Score
7.5
EPSS Score
0.118
Published
2007-09-05
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
CVSS Score
4.3
EPSS Score
0.017
Published
2007-08-27
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
CVSS Score
6.8
EPSS Score
0.111
Published
2007-08-25
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
CVSS Score
7.8
EPSS Score
0.013
Published
2007-06-21
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue
CVSS Score
7.2
EPSS Score
0.003
Published
2007-06-05
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
CVSS Score
6.0
EPSS Score
0.016
Published
2007-06-04
Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2007-05-22
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
CVSS Score
10.0
EPSS Score
0.137
Published
2007-05-04