ReportizFlow
Filtered by vendor Gnu
Subscriptions
Total
1150 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1579 | 2 Gnu, Redhat | 2 Binutils, Enterprise Linux | 2025-02-13 | 7.8 High |
| Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | ||||
| CVE-2021-34337 | 1 Gnu | 1 Mailman | 2025-02-06 | 6.3 Medium |
| An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces. | ||||
| CVE-2023-1972 | 1 Gnu | 1 Binutils | 2025-01-22 | 6.5 Medium |
| A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. | ||||
| CVE-2023-2491 | 2 Gnu, Redhat | 5 Emacs, Enterprise Linux, Enterprise Linux Eus and 2 more | 2025-01-22 | 7.8 High |
| A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. | ||||
| CVE-2021-30184 | 2 Fedoraproject, Gnu | 2 Fedora, Chess | 2025-01-13 | 7.8 High |
| GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. | ||||
| CVE-2020-35357 | 2 Debian, Gnu | 2 Debian Linux, Gnu Scientific Library | 2024-12-08 | 6.5 Medium |
| A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. | ||||
| CVE-2023-36273 | 1 Gnu | 1 Libredwg | 2024-12-02 | 8.8 High |
| LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | ||||
| CVE-2015-20109 | 1 Gnu | 1 Glibc | 2024-11-27 | 5.5 Medium |
| end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. | ||||
| CVE-2023-29491 | 2 Gnu, Redhat | 3 Ncurses, Enterprise Linux, Rhel Eus | 2024-11-27 | 7.8 High |
| ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | ||||
| CVE-2020-19186 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-11-27 | 6.5 Medium |
| Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | ||||
| CVE-2023-0687 | 1 Gnu | 1 Glibc | 2024-11-25 | 4.6 Medium |
| A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. | ||||
| CVE-2024-52867 | 1 Gnu | 1 Guix | 2024-11-21 | 8.1 High |
| guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability. | ||||
| CVE-2024-0911 | 1 Gnu | 1 Indent | 2024-11-21 | 5.5 Medium |
| A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash. | ||||
| CVE-2024-0684 | 1 Gnu | 1 Coreutils | 2024-11-21 | 5.5 Medium |
| A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service. | ||||
| CVE-2023-4949 | 2 Gnu, Xen | 2 Grub, Xen | 2024-11-21 | 8.1 High |
| An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation. | ||||
| CVE-2023-4156 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gawk, Enterprise Linux | 2024-11-21 | 4.4 Medium |
| A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. | ||||
| CVE-2023-40305 | 1 Gnu | 1 Indent | 2024-11-21 | 5.5 Medium |
| GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file. | ||||
| CVE-2023-40303 | 1 Gnu | 1 Inetutils | 2024-11-21 | 7.8 High |
| GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. | ||||
| CVE-2023-39130 | 1 Gnu | 1 Gdb | 2024-11-21 | 5.5 Medium |
| GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. | ||||
| CVE-2023-39129 | 1 Gnu | 1 Gdb | 2024-11-21 | 5.5 Medium |
| GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. | ||||