VYPR

Vendor CVEs

GNU

All CVEs

1,137 total · sorted by risk
  • CVE-2025-1153Feb 10, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is…

  • CVE-2025-1152Feb 10, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather…

  • CVE-2025-1151Feb 10, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather…

  • CVE-2025-1150Feb 10, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an…

  • CVE-2025-1149Feb 10, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of…

  • CVE-2025-1148Feb 10, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an…

  • CVE-2025-1147Feb 10, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The…

  • CVE-2025-0840Jan 29, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the…

  • CVE-2024-56737Dec 29, 2024
    risk 0.00cvss epss 0.01

    GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

  • CVE-2024-56738Dec 29, 2024
    risk 0.00cvss epss 0.00

    GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

  • CVE-2024-53920Nov 27, 2024
    risk 0.00cvss epss 0.01

    In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs…

  • CVE-2024-50610Oct 27, 2024
    risk 0.00cvss epss 0.00

    GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.

  • CVE-2024-39331Jun 23, 2024
    risk 0.00cvss epss 0.01

    In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

  • CVE-2024-38428Jun 16, 2024
    risk 0.00cvss epss 0.01

    url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

  • CVE-2024-36600Jun 14, 2024
    risk 0.00cvss epss 0.00

    Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

  • CVE-2024-5742Jun 12, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to…

  • CVE-2024-29399Apr 11, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.

  • CVE-2024-27631Apr 8, 2024
    risk 0.00cvss epss 0.00

    Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php

  • CVE-2024-27632Apr 8, 2024
    risk 0.00cvss epss 0.01

    An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.

  • CVE-2024-27630Apr 8, 2024
    risk 0.00cvss epss 0.01

    Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.

  • CVE-2023-39804Mar 27, 2024
    risk 0.00cvss epss 0.00

    In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.

  • CVE-2024-30203Mar 25, 2024
    risk 0.00cvss epss 0.01

    In Emacs before 29.3, Gnus treats inline MIME contents as trusted.

  • CVE-2024-0684Feb 6, 2024
    risk 0.00cvss epss 0.00

    A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

  • CVE-2023-7207Jan 5, 2024
    risk 0.00cvss epss 0.01

    Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

  • CVE-2023-50495Dec 12, 2023
    risk 0.00cvss epss 0.01

    NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

  • CVE-2023-4692Oct 25, 2023
    risk 0.00cvss epss 0.01

    An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap…

  • CVE-2023-5156Sep 25, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

  • CVE-2023-25584Sep 14, 2023
    risk 0.00cvss epss 0.00

    An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

  • CVE-2023-25585Sep 14, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

  • CVE-2023-25586Sep 14, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

  • CVE-2023-25588Sep 14, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

  • CVE-2023-4039Sep 13, 2023
    risk 0.00cvss epss 0.01

    **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only…

  • CVE-2022-44840Aug 22, 2023
    risk 0.00cvss epss 0.00

    Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

  • CVE-2022-47011Aug 22, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

  • CVE-2022-47007Aug 22, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

  • CVE-2022-45703Aug 22, 2023
    risk 0.00cvss epss 0.01

    Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

  • CVE-2020-21490Aug 22, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.

  • CVE-2020-35357Aug 22, 2023
    risk 0.00cvss epss 0.01

    A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected…

  • CVE-2022-35205Aug 22, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.

  • CVE-2020-35342Aug 22, 2023
    risk 0.00cvss epss 0.01

    GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.

  • CVE-2022-47696Aug 22, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.

  • CVE-2022-47673Aug 22, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.

  • CVE-2022-47008Aug 22, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

  • CVE-2020-19724Aug 22, 2023
    risk 0.00cvss epss 0.00

    A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.

  • CVE-2022-47695Aug 22, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

  • CVE-2022-35206Aug 22, 2023
    risk 0.00cvss epss 0.00

    Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.

  • CVE-2022-48063Aug 22, 2023
    risk 0.00cvss epss 0.00

    GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

  • CVE-2022-47010Aug 22, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

  • CVE-2022-48065Aug 22, 2023
    risk 0.00cvss epss 0.01

    GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

  • CVE-2022-48064Aug 22, 2023
    risk 0.00cvss epss 0.01

    GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Page 12 of 23