Filtered by vendor Gnu
Subscribe
Total
1093 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4492 | 1 Gnu | 1 Libiberty | 2025-04-20 | 4.3 MEDIUM | 4.4 MEDIUM |
| Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary. | |||||
| CVE-2017-12958 | 1 Gnu | 1 Pspp | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |||||
| CVE-2015-8982 | 1 Gnu | 1 Glibc | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | |||||
| CVE-2017-10792 | 1 Gnu | 1 Pspp | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2018-1000156 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Patch and 6 more | 2025-04-14 | 6.8 MEDIUM | 7.8 HIGH |
| GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. | |||||
| CVE-2015-7547 | 10 Canonical, Debian, F5 and 7 more | 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. | |||||
| CVE-2014-8484 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 5.0 MEDIUM | N/A |
| The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. | |||||
| CVE-2014-3424 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2025-04-12 | 3.3 LOW | N/A |
| lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | |||||
| CVE-2014-8121 | 3 Canonical, Gnu, Suse | 4 Ubuntu Linux, Glibc, Suse Linux Enterprise Desktop and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. | |||||
| CVE-2009-5138 | 1 Gnu | 1 Gnutls | 2025-04-12 | 5.8 MEDIUM | N/A |
| GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. | |||||
| CVE-2014-8155 | 1 Gnu | 1 Gnutls | 2025-04-12 | 4.3 MEDIUM | N/A |
| GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. | |||||
| CVE-2016-2856 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Glibc | 2025-04-12 | 7.2 HIGH | 8.4 HIGH |
| pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. | |||||
| CVE-2016-6323 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Glibc, Opensuse | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. | |||||
| CVE-2014-8564 | 4 Canonical, Gnu, Opensuse and 1 more | 7 Ubuntu Linux, Gnutls, Opensuse and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. | |||||
| CVE-2015-8778 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. | |||||
| CVE-2012-6656 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Glibc | 2025-04-12 | 5.0 MEDIUM | N/A |
| iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. | |||||
| CVE-2014-7817 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Glibc and 1 more | 2025-04-12 | 4.6 MEDIUM | N/A |
| The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". | |||||
| CVE-2016-7123 | 1 Gnu | 1 Mailman | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2014-9112 | 2 Debian, Gnu | 2 Debian Linux, Cpio | 2025-04-12 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. | |||||
| CVE-2014-3421 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2025-04-12 | 3.3 LOW | N/A |
| lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | |||||