MidnightBSD

Advisories for gnucash

CVE-2010-3999 MEDIUM

gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnucash gnucash 2.3.8
gnucash gnucash 2.3.9
gnucash gnucash 2.3.4
gnucash gnucash 2.3.11
gnucash gnucash 2.3.12
gnucash gnucash 2.3.7
gnucash gnucash 2.3.14
gnucash gnucash 2.2.2
gnucash gnucash 2.2.5
gnucash gnucash 2.3.13
gnucash gnucash 2.2.9
gnucash gnucash 2.2.7
gnucash gnucash 2.3.5
gnucash gnucash 2.3.6
gnucash gnucash 1.8.4
gnucash gnucash 2.3.3
gnucash gnucash 2.2.3
gnucash gnucash 1.8.5
gnucash gnucash 2.2.1
gnucash gnucash 2.3.10
gnucash gnucash 2.3.1
gnucash gnucash *
gnucash gnucash 2.3.2
gnucash gnucash 2.2.8
gnucash gnucash 2.2.6
gnucash gnucash 1.8.3
gnucash gnucash 2.2.0
gnucash gnucash 2.0.1
gnucash gnucash 2.2.4
gnucash gnucash 2.3.0
gnucash gnucash 2.0.0