GNU vulnerabilities and exploits

3.3
CVSSv2
CVE-2010-4337

The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files....

4.6
CVSSv2
CVE-2001-0290

Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords....

5
CVSSv2
CVE-2019-9770

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension....

7.5
CVSSv2
CVE-2017-10684

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack....

Gnu Ncurses
7.5
CVSSv2
CVE-2002-0204

Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command....

3.3
CVSSv2
CVE-2009-5079

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file....

6.8
CVSSv2
CVE-2015-8983

Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a...

5
CVSSv2
CVE-2017-7302

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability...

5
CVSSv2
CVE-2004-0412

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server....

6.2
CVSSv2
CVE-2000-0151

GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands....