Search Results (1261 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1453 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2026-04-16 N/A
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
CVE-2006-0300 2 Gnu, Redhat 2 Tar, Enterprise Linux 2026-04-16 N/A
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
CVE-2003-0795 4 Gnu, Quagga, Redhat and 1 more 5 Zebra, Quagga, Enterprise Linux and 2 more 2026-04-16 N/A
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
CVE-2000-0271 1 Gnu 1 Emacs 2026-04-16 N/A
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
CVE-2003-0858 3 Gnu, Quagga, Redhat 4 Zebra, Quagga Routing Software Suite, Enterprise Linux and 1 more 2026-04-16 N/A
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
CVE-2002-1146 2 Gnu, Redhat 3 Glibc, Enterprise Linux, Linux 2026-04-16 N/A
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
CVE-2004-1337 3 Conectiva, Gnu, Ubuntu 3 Linux, Realtime Linux Security Module, Ubuntu Linux 2026-04-16 N/A
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
CVE-2006-0052 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2026-04-16 N/A
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.
CVE-2005-1918 2 Gnu, Redhat 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more 2026-04-16 N/A
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
CVE-2002-0044 3 Debian, Gnu, Redhat 3 Debian Linux, Enscript, Linux 2026-04-16 N/A
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
CVE-2001-1377 12 Freeradius, Gnu, Icradius and 9 more 12 Freeradius, Radius, Icradius and 9 more 2026-04-16 N/A
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
CVE-2006-0049 2 Gnu, Redhat 2 Privacy Guard, Enterprise Linux 2026-04-16 N/A
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
CVE-2002-0399 2 Gnu, Redhat 3 Tar, Enterprise Linux, Linux 2026-04-16 N/A
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.
CVE-2004-1296 1 Gnu 1 Groff 2026-04-16 N/A
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2001-1376 13 Ascend, Freeradius, Gnu and 10 more 13 Radius, Freeradius, Radius and 10 more 2026-04-16 N/A
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
CVE-2005-4268 2 Gnu, Redhat 2 Cpio, Enterprise Linux 2026-04-16 N/A
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
CVE-2000-0786 1 Gnu 1 Userv 2026-04-16 N/A
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
CVE-2005-1705 2 Gnu, Redhat 2 Gdb, Enterprise Linux 2026-04-16 N/A
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
CVE-2004-1186 2 Gnu, Redhat 2 Enscript, Enterprise Linux 2026-04-16 N/A
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
CVE-2005-1521 1 Gnu 1 Mailutils 2026-04-16 N/A
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.