Vendor CVEs
GNU
All CVEs
1,137 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-43411 | 0.00 | — | 0.01 | Nov 7, 2021 | An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to… | |||
| CVE-2021-43396 | 0.00 | — | 0.03 | Nov 4, 2021 | In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases.… | |||
| CVE-2021-42097 | 0.00 | — | 0.01 | Oct 21, 2021 | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for… | |||
| CVE-2021-42096 | 0.00 | — | 0.01 | Oct 21, 2021 | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password. | |||
| CVE-2021-40491 | 0.00 | — | 0.01 | Sep 3, 2021 | The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. | |||
| CVE-2021-38604 | 0.00 | — | 0.03 | Aug 12, 2021 | In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. | |||
| CVE-2021-35942 | 0.00 | — | 0.03 | Jul 22, 2021 | The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs… | |||
| CVE-2019-25051 | 0.00 | — | 0.01 | Jul 20, 2021 | objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). | |||
| CVE-2021-3530 | 0.00 | — | 0.02 | Jun 2, 2021 | A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. | |||
| CVE-2020-18395 | 0.00 | — | 0.01 | May 28, 2021 | A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs. | |||
| CVE-2021-3549 | 0.00 | — | 0.01 | May 26, 2021 | An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this… | |||
| CVE-2021-33574 | 0.00 | — | 0.03 | May 25, 2021 | The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service… | |||
| CVE-2020-23856 | 0.00 | — | 0.00 | May 18, 2021 | Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. | |||
| CVE-2021-31879 | 0.00 | — | 0.01 | Apr 29, 2021 | GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. | |||
| CVE-2021-20294 | 0.00 | — | 0.03 | Apr 29, 2021 | A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to… | |||
| CVE-2021-30184 | 0.00 | — | 0.02 | Apr 7, 2021 | GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. | |||
| CVE-2021-20197 | 0.00 | — | 0.00 | Mar 26, 2021 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an… | |||
| CVE-2021-20193 | 0.00 | — | 0.01 | Mar 26, 2021 | A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. | |||
| CVE-2021-20284 | 0.00 | — | 0.01 | Mar 26, 2021 | A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. | |||
| CVE-2021-3466 | 0.00 | — | 0.09 | Mar 25, 2021 | A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data… | |||
| CVE-2020-25647 | 0.00 | — | 0.01 | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to… | |||
| CVE-2020-27618 | 0.00 | — | 0.01 | Feb 26, 2021 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications,… | |||
| CVE-2021-27645 | 0.00 | — | 0.00 | Feb 24, 2021 | The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to… | |||
| CVE-2021-3326 | 0.00 | — | 0.03 | Jan 27, 2021 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | |||
| CVE-2020-35507 | 0.00 | — | 0.01 | Jan 4, 2021 | There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application… | |||
| CVE-2020-35496 | 0.00 | — | 0.01 | Jan 4, 2021 | There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw… | |||
| CVE-2020-35495 | 0.00 | — | 0.01 | Jan 4, 2021 | There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions… | |||
| CVE-2020-35494 | 0.00 | — | 0.01 | Jan 4, 2021 | There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw… | |||
| CVE-2020-35493 | 0.00 | — | 0.01 | Jan 4, 2021 | A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to… | |||
| CVE-2019-25013 | 0.00 | — | 0.04 | Jan 4, 2021 | The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. | |||
| CVE-2020-35448 | 0.00 | — | 0.01 | Dec 27, 2020 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in… | |||
| CVE-2020-16599 | 0.00 | — | 0.01 | Dec 9, 2020 | A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | |||
| CVE-2020-16593 | 0.00 | — | 0.01 | Dec 9, 2020 | A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. | |||
| CVE-2020-16592 | 0.00 | — | 0.01 | Dec 9, 2020 | A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | |||
| CVE-2020-16591 | 0.00 | — | 0.01 | Dec 9, 2020 | A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. | |||
| CVE-2020-16590 | 0.00 | — | 0.01 | Dec 9, 2020 | A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. | |||
| CVE-2020-29573 | 0.00 | — | 0.03 | Dec 5, 2020 | sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a… | |||
| CVE-2020-29562 | 0.00 | — | 0.02 | Dec 4, 2020 | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | |||
| CVE-1999-0199 | 0.00 | — | 0.02 | Oct 6, 2020 | manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation… | |||
| CVE-2020-24240 | 0.00 | — | 0.01 | Aug 25, 2020 | GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific… | |||
| CVE-2020-14311 | 0.00 | — | 0.00 | Jul 31, 2020 | There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. | |||
| CVE-2020-10713 | 0.00 | — | 0.01 | Jul 30, 2020 | A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need… | |||
| CVE-2020-15011 | 0.00 | — | 0.02 | Jun 24, 2020 | GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. | |||
| CVE-2017-9103 | 0.00 | — | 0.02 | Jun 18, 2020 | An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into… | |||
| CVE-2017-9104 | 0.00 | — | 0.02 | Jun 18, 2020 | An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. | |||
| CVE-2017-9105 | 0.00 | — | 0.04 | Jun 18, 2020 | An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution. | |||
| CVE-2017-9106 | 0.00 | — | 0.02 | Jun 18, 2020 | An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the… | |||
| CVE-2017-9107 | 0.00 | — | 0.02 | Jun 18, 2020 | An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape… | |||
| CVE-2017-9108 | 0.00 | — | 0.02 | Jun 18, 2020 | An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this… | |||
| CVE-2017-9109 | 0.00 | — | 0.02 | Jun 18, 2020 | An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME… |