Filtered by vendor Gnu Subscriptions
Total 1074 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-40305 1 Gnu 1 Indent 2024-11-21 5.5 Medium
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.
CVE-2023-40303 1 Gnu 1 Inetutils 2024-11-21 7.8 High
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
CVE-2023-39130 1 Gnu 1 Gdb 2024-11-21 5.5 Medium
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
CVE-2023-39129 1 Gnu 1 Gdb 2024-11-21 5.5 Medium
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
CVE-2023-39128 1 Gnu 1 Gdb 2024-11-21 5.5 Medium
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.
CVE-2023-2789 1 Gnu 1 Cflow 2024-11-21 3.5 Low
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-2491 2 Gnu, Redhat 5 Emacs, Enterprise Linux, Enterprise Linux Eus and 2 more 2024-11-21 7.8 High
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
CVE-2023-28617 2 Gnu, Redhat 6 Org Mode, Enterprise Linux, Rhel Aus and 3 more 2024-11-21 7.8 High
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
CVE-2023-27986 1 Gnu 1 Emacs 2024-11-21 7.8 High
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
CVE-2023-27985 1 Gnu 1 Emacs 2024-11-21 7.8 High
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
CVE-2023-27371 2 Gnu, Redhat 3 Libmicrohttpd, Enterprise Linux, Rhel Eus 2024-11-21 5.9 Medium
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
CVE-2023-26157 1 Gnu 1 Libredwg 2024-11-21 5.5 Medium
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
CVE-2023-25588 2 Gnu, Redhat 2 Binutils, Enterprise Linux 2024-11-21 4.7 Medium
A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
CVE-2023-25586 2 Gnu, Redhat 2 Binutils, Enterprise Linux 2024-11-21 4.7 Medium
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
CVE-2023-25585 2 Gnu, Redhat 2 Binutils, Enterprise Linux 2024-11-21 4.7 Medium
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
CVE-2023-25222 1 Gnu 1 Libredwg 2024-11-21 8.8 High
A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.
CVE-2023-25139 1 Gnu 1 Glibc 2024-11-21 9.8 Critical
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.
CVE-2023-24626 1 Gnu 1 Screen 2024-11-21 6.5 Medium
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
CVE-2023-1972 1 Gnu 1 Binutils 2024-11-21 6.5 Medium
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
CVE-2023-1579 2 Gnu, Redhat 2 Binutils, Enterprise Linux 2024-11-21 7.8 High
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.