VYPR

Vendor CVEs

GNU

All CVEs

1,137 total · sorted by risk
  • CVE-2021-46174Aug 22, 2023
    risk 0.00cvss epss 0.01

    Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

  • CVE-2023-40303Aug 14, 2023
    risk 0.00cvss epss 0.00

    GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before…

  • CVE-2023-39129Jul 25, 2023
    risk 0.00cvss epss 0.00

    GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.

  • CVE-2023-39128Jul 25, 2023
    risk 0.00cvss epss 0.00

    GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.

  • CVE-2023-39130Jul 25, 2023
    risk 0.00cvss epss 0.00

    GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.

  • CVE-2021-32256Jul 18, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

  • CVE-2015-20109Jun 25, 2023
    risk 0.00cvss epss 0.00

    end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this…

  • CVE-2023-2789May 18, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The…

  • CVE-2023-1972May 17, 2023
    risk 0.00cvss epss 0.01

    A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

  • CVE-2023-1579Apr 3, 2023
    risk 0.00cvss epss 0.00

    Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

  • CVE-2023-27985Mar 9, 2023
    risk 0.00cvss epss 0.01

    emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90

  • CVE-2023-27986Mar 9, 2023
    risk 0.00cvss epss 0.00

    emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

  • CVE-2023-27371Feb 28, 2023
    risk 0.00cvss epss 0.01

    GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or…

  • CVE-2022-48338Feb 20, 2023
    risk 0.00cvss epss 0.02

    An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command…

  • CVE-2022-48337Feb 20, 2023
    risk 0.00cvss epss 0.02

    GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command…

  • CVE-2022-48339Feb 20, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name…

  • CVE-2022-46663Feb 7, 2023
    risk 0.00cvss epss 0.01

    In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.

  • CVE-2023-0687Feb 6, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix…

  • CVE-2023-25139Feb 3, 2023
    risk 0.00cvss epss 0.01

    sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated…

  • CVE-2022-48303Jan 30, 2023
    risk 0.00cvss epss 0.05

    GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has…

  • CVE-2022-4285Jan 27, 2023
    risk 0.00cvss epss 0.00

    An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

  • CVE-2022-24119Dec 26, 2022
    risk 0.00cvss epss 0.01

    Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.

  • CVE-2022-45939Nov 28, 2022
    risk 0.00cvss epss 0.01

    GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command…

  • CVE-2021-46848Oct 24, 2022
    risk 0.00cvss epss 0.02

    GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

  • CVE-2022-41550Oct 11, 2022
    risk 0.00cvss epss 0.01

    GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.

  • CVE-2022-39831Sep 5, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is…

  • CVE-2022-39832Sep 5, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2021-3826Sep 1, 2022
    risk 0.00cvss epss 0.01

    Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

  • CVE-2022-1271Aug 31, 2022
    risk 0.00cvss epss 0.04

    An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to…

  • CVE-2022-39046Aug 31, 2022
    risk 0.00cvss epss 0.02

    An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the…

  • CVE-2022-39028Aug 30, 2022
    risk 0.00cvss epss 0.02

    telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However,…

  • CVE-2022-38533Aug 25, 2022
    risk 0.00cvss epss 0.00

    In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

  • CVE-2021-33643Aug 9, 2022
    risk 0.00cvss epss 0.01

    An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

  • CVE-2022-2469Jul 19, 2022
    risk 0.00cvss epss 0.01

    GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

  • CVE-2022-27943Mar 26, 2022
    risk 0.00cvss epss 0.01

    libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

  • CVE-2021-3981Mar 8, 2022
    risk 0.00cvss epss 0.00

    A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted…

  • CVE-2021-46021Jan 14, 2022
    risk 0.00cvss epss 0.01

    An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

  • CVE-2021-46195Jan 14, 2022
    risk 0.00cvss epss 0.01

    GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

  • CVE-2022-23219Jan 14, 2022
    risk 0.00cvss epss 0.04

    The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or…

  • CVE-2021-46019Jan 14, 2022
    risk 0.00cvss epss 0.01

    An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

  • CVE-2022-23218Jan 14, 2022
    risk 0.00cvss epss 0.05

    The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if…

  • CVE-2021-46022Jan 14, 2022
    risk 0.00cvss epss 0.01

    An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

  • CVE-2021-45261Dec 22, 2021
    risk 0.00cvss epss 0.01

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

  • CVE-2021-45078Dec 15, 2021
    risk 0.00cvss epss 0.01

    stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix…

  • CVE-2021-43618Nov 15, 2021
    risk 0.00cvss epss 0.03

    GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.

  • CVE-2021-43332Nov 12, 2021
    risk 0.00cvss epss 0.01

    In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.

  • CVE-2021-43331Nov 12, 2021
    risk 0.00cvss epss 0.01

    In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.

  • CVE-2021-43412Nov 7, 2021
    risk 0.00cvss epss 0.00

    An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.

  • CVE-2021-43413Nov 7, 2021
    risk 0.00cvss epss 0.02

    An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access.

  • CVE-2021-43414Nov 7, 2021
    risk 0.00cvss epss 0.00

    An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access.

Page 13 of 23