VYPR
Vendor

GNU

GNU is an extensive collection of free software, which can be used as an operating system or can be used in parts with other operating systems. Most of GNU is licensed under the GNU Project's own General Public License (GPL).

Founded 1983
Products
142
CVEs
1,137
Across products
1,028
Status
Private

Products

142
View all 142 products →

Recent CVEs

1,137
View all 1,137 CVEs →
  • CVE-2014-7169CriKEVSep 25, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…

  • CVE-2014-6271CriKEVSep 24, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…

  • CVE-2014-6278HigKEVSep 30, 2014
    risk 0.80cvss 8.8epss 1.00

    GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH…

  • CVE-2023-4911HigKEVOct 3, 2023
    risk 0.71cvss 7.8epss 0.81

    A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID…

  • CVE-2026-32746CriMar 13, 2026
    risk 0.67cvss 9.8epss 0.24

    telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

  • CVE-2009-3555CriNov 9, 2009
    risk 0.67cvss 9.8epss 0.87

    The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4…

  • CVE-2017-5334CriMar 24, 2017
    risk 0.66cvss 9.8epss 0.33

    Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.

  • CVE-2026-5450CriApr 20, 2026
    risk 0.64cvss 9.8epss 0.00

    Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

  • CVE-2018-25154CriDec 24, 2025
    risk 0.64cvss 9.8epss 0.00

    GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.

  • CVE-2018-12699CriJun 23, 2018
    risk 0.64cvss 9.8epss 0.05

    finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.

  • CVE-2018-11236CriMay 18, 2018
    risk 0.64cvss 9.8epss 0.07

    stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially,…

  • CVE-2017-18269CriMay 18, 2018
    risk 0.64cvss 9.8epss 0.05

    An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address…

  • CVE-2014-5044CriMar 7, 2018
    risk 0.64cvss 9.8epss 0.06

    Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.

  • CVE-2017-18201CriFeb 26, 2018
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.

  • CVE-2018-6485CriFeb 1, 2018
    risk 0.64cvss 9.8epss 0.05

    An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

  • CVE-2017-13089HigOct 27, 2017
    risk 0.64cvss 8.8epss 0.80

    The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a…

  • CVE-2017-15804CriOct 22, 2017
    risk 0.64cvss 9.8epss 0.03

    The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

  • CVE-2017-15670CriOct 20, 2017
    risk 0.64cvss 9.8epss 0.03

    The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.

  • CVE-2014-9474CriOct 10, 2017
    risk 0.64cvss 9.8epss 0.04

    Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str.

  • CVE-2017-14062CriAug 31, 2017
    risk 0.64cvss 9.8epss 0.04

    Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.