Search Results (1257 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0435 2 Gnu, Redhat 3 Fileutils, Enterprise Linux, Linux 2026-04-16 N/A
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
CVE-2005-1705 2 Gnu, Redhat 2 Gdb, Enterprise Linux 2026-04-16 N/A
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
CVE-2002-1265 3 Apple, Gnu, Sgi 4 Mac Os X, Mac Os X Server, Glibc and 1 more 2026-04-16 N/A
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
CVE-2005-3425 1 Gnu 1 Gnump3d 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
CVE-2000-1137 2 Gnu, Redhat 2 Ed, Linux 2026-04-16 N/A
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
CVE-2003-0367 2 Debian, Gnu 2 Debian Linux, Gzip 2026-04-16 6.2 Medium
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2006-3636 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4624 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2026-04-16 N/A
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
CVE-2002-2099 1 Gnu 1 Data Display Debugger 2026-04-16 N/A
Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.
CVE-2003-0795 4 Gnu, Quagga, Redhat and 1 more 5 Zebra, Quagga, Enterprise Linux and 2 more 2026-04-16 N/A
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
CVE-2001-0071 2 Gnu, Redhat 2 Privacy Guard, Linux 2026-04-16 N/A
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
CVE-2005-3424 1 Gnu 1 Gnump3d 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
CVE-2002-1146 2 Gnu, Redhat 3 Glibc, Enterprise Linux, Linux 2026-04-16 N/A
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
CVE-2003-0028 11 Cray, Freebsd, Gnu and 8 more 15 Unicos, Freebsd, Glibc and 12 more 2026-04-16 N/A
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
CVE-2006-0075 1 Gnu 1 Phpbook 2026-04-16 N/A
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.
CVE-2000-0963 4 Freebsd, Gnu, Immunix and 1 more 4 Freebsd, Ncurses, Immunix and 1 more 2026-04-16 N/A
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
CVE-2002-0204 1 Gnu 1 Chess 2026-04-16 N/A
Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.
CVE-2001-1132 1 Gnu 1 Mailman 2026-04-16 N/A
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
CVE-2004-1487 2 Gnu, Redhat 2 Wget, Enterprise Linux 2026-04-16 N/A
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
CVE-2006-0455 2 Gnu, Redhat 2 Privacy Guard, Enterprise Linux 2026-04-16 N/A
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".