Filtered by vendor Gnu
Subscribe
Total
1093 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3468 | 5 Debian, F5, Gnu and 2 more | 16 Debian Linux, Arx, Arx Firmware and 13 more | 2025-04-12 | 7.5 HIGH | N/A |
| The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. | |||||
| CVE-2016-3706 | 2 Gnu, Opensuse | 2 Glibc, Opensuse | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. | |||||
| CVE-2015-6251 | 2 Debian, Gnu | 2 Debian Linux, Gnutls | 2025-04-12 | 5.0 MEDIUM | N/A |
| Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. | |||||
| CVE-2014-8503 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file. | |||||
| CVE-2015-4156 | 2 Gnu, Opensuse | 2 Parallel, Opensuse | 2025-04-12 | 3.6 LOW | N/A |
| GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2015-8776 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. | |||||
| CVE-2013-6889 | 1 Gnu | 1 Rush | 2025-04-12 | 4.9 MEDIUM | N/A |
| GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option. | |||||
| CVE-2015-5277 | 3 Canonical, Gnu, Redhat | 6 Ubuntu Linux, Glibc, Enterprise Linux Desktop and 3 more | 2025-04-12 | 7.2 HIGH | N/A |
| The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. | |||||
| CVE-2014-3469 | 4 Debian, Gnu, Redhat and 1 more | 14 Debian Linux, Gnutls, Libtasn1 and 11 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. | |||||
| CVE-2014-6040 | 1 Gnu | 1 Glibc | 2025-04-12 | 5.0 MEDIUM | N/A |
| GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. | |||||
| CVE-2013-7423 | 4 Canonical, Gnu, Opensuse and 1 more | 4 Ubuntu Linux, Glibc, Opensuse and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. | |||||
| CVE-2011-2702 | 1 Gnu | 2 Eglibc, Glibc | 2025-04-12 | 6.8 MEDIUM | N/A |
| Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. | |||||
| CVE-2014-0475 | 1 Gnu | 1 Glibc | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. | |||||
| CVE-2014-8485 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 7.5 HIGH | N/A |
| The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. | |||||
| CVE-2015-1345 | 2 Gnu, Opensuse | 2 Grep, Opensuse | 2025-04-12 | 2.1 LOW | N/A |
| The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. | |||||
| CVE-2014-4043 | 2 Gnu, Opensuse | 2 Glibc, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. | |||||
| CVE-2015-3308 | 2 Canonical, Gnu | 2 Ubuntu Linux, Gnutls | 2025-04-12 | 7.5 HIGH | N/A |
| Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. | |||||
| CVE-2014-2524 | 4 Fedoraproject, Gnu, Mageia and 1 more | 4 Fedora, Readline, Mageia and 1 more | 2025-04-12 | 3.3 LOW | N/A |
| The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. | |||||
| CVE-2016-6261 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Libidn, Leap | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. | |||||
| CVE-2014-1959 | 1 Gnu | 1 Gnutls | 2025-04-12 | 5.8 MEDIUM | N/A |
| lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. | |||||