Filtered by vendor Gnu
Subscriptions
Total
1074 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0361 | 5 Debian, Fedoraproject, Gnu and 2 more | 8 Debian Linux, Fedora, Gnutls and 5 more | 2024-11-21 | 7.4 High |
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. | ||||
CVE-2022-4285 | 3 Fedoraproject, Gnu, Redhat | 5 Fedora, Binutils, Enterprise Linux and 2 more | 2024-11-21 | 5.5 Medium |
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | ||||
CVE-2022-48339 | 2 Gnu, Redhat | 3 Emacs, Enterprise Linux, Rhel Eus | 2024-11-21 | 7.8 High |
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | ||||
CVE-2022-48338 | 2 Gnu, Redhat | 2 Emacs, Enterprise Linux | 2024-11-21 | 7.3 High |
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | ||||
CVE-2022-48337 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Emacs, Enterprise Linux and 1 more | 2024-11-21 | 9.8 Critical |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | ||||
CVE-2022-48303 | 3 Fedoraproject, Gnu, Redhat | 4 Fedora, Tar, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. | ||||
CVE-2022-48065 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 5.5 Medium |
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. | ||||
CVE-2022-48064 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 5.5 Medium |
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | ||||
CVE-2022-48063 | 1 Gnu | 1 Binutils | 2024-11-21 | 5.5 Medium |
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | ||||
CVE-2022-47696 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. | ||||
CVE-2022-47695 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. | ||||
CVE-2022-47673 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. | ||||
CVE-2022-47011 | 1 Gnu | 1 Binutils | 2024-11-21 | 5.5 Medium |
An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | ||||
CVE-2022-47010 | 1 Gnu | 1 Binutils | 2024-11-21 | 5.5 Medium |
An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | ||||
CVE-2022-47008 | 1 Gnu | 1 Binutils | 2024-11-21 | 5.5 Medium |
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | ||||
CVE-2022-47007 | 1 Gnu | 1 Binutils | 2024-11-21 | 5.5 Medium |
An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | ||||
CVE-2022-46663 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Less, Enterprise Linux | 2024-11-21 | 7.5 High |
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. | ||||
CVE-2022-45939 | 4 Debian, Fedoraproject, Gnu and 1 more | 5 Debian Linux, Fedora, Emacs and 2 more | 2024-11-21 | 7.8 High |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | ||||
CVE-2022-45703 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. | ||||
CVE-2022-45332 | 1 Gnu | 1 Libredwg | 2024-11-21 | 7.8 High |
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. |