VYPR

Vendor CVEs

GNU

All CVEs

1,137 total · sorted by risk
  • CVE-2016-1023 · High · Apr 9, 2016
    risk 0.58 · cvss 8.8 · epss 0.04

    Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…

  • CVE-2016-0991 · High · Mar 12, 2016
    risk 0.58 · cvss 8.8 · epss 0.05

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows…

  • CVE-2016-0978 · High · Feb 10, 2016
    risk 0.58 · cvss 8.8 · epss 0.04

    Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…

  • CVE-2025-1244 · High · Feb 12, 2025
    risk 0.57 · cvss 8.8 · epss 0.03

    A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a…

  • CVE-2023-6246 · High · Jan 31, 2024
    risk 0.57 · cvss 8.4 · epss 0.05

    A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program…

  • CVE-2018-16430 · High · Sep 4, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.

  • CVE-2018-14346 · High · Jul 17, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).

  • CVE-2017-18198 · High · Feb 24, 2018
    risk 0.57 · cvss 8.8 · epss 0.04

    print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.

  • CVE-2017-17531 · High · Dec 14, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

  • CVE-2016-7123 · High · Sep 2, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.

  • CVE-2016-6893 · High · Sep 2, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a…

  • CVE-2016-7098 · High · Sep 26, 2016
    risk 0.56 · cvss 8.1 · epss 0.07

    Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

  • CVE-2024-53589 · High · Dec 5, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.

  • CVE-2018-1000001 · High · Jan 31, 2018
    risk 0.55 · cvss 7.8 · epss 0.14

    In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

  • CVE-2018-6323 · High · Jan 26, 2018
    risk 0.54 · cvss 7.8 · epss 0.06

    The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial…

  • CVE-2017-1000366 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.03

    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent…

  • CVE-2017-9756 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.08

    The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of…

  • CVE-2017-9750 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.08

    opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by…

  • CVE-2017-9749 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.09

    The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during…

  • CVE-2017-9748 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.08

    The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via…

  • CVE-2017-9747 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.08

    The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact…

  • CVE-2017-9746 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.09

    The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing…

  • CVE-2017-9742 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.08

    The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file…

  • CVE-2016-2226 · High · Feb 24, 2017
    risk 0.54 · cvss 7.8 · epss 0.07

    Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

  • CVE-2026-40200 · High · Apr 10, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on…

  • CVE-2024-33599 · High · May 6, 2024
    risk 0.53 · cvss 8.1 · epss 0.01

    nscd: Stack-based buffer overflow in netgroup cache. If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15…

  • CVE-2023-6779 · High · Jan 31, 2024
    risk 0.53 · cvss 8.2 · epss 0.03

    An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an…

  • CVE-2017-17426 · High · Dec 5, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread…

  • CVE-2015-8983 · High · Mar 20, 2017
    risk 0.53 · cvss 8.1 · epss 0.04

    Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a…

  • CVE-2015-8982 · High · Mar 15, 2017
    risk 0.53 · cvss 8.1 · epss 0.04

    Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

  • CVE-2026-6846 · High · Apr 22, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to…

  • CVE-2025-61662 · High · Nov 18, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command,…

  • CVE-2018-11237 · High · May 18, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

  • CVE-2018-1000156 · High · Apr 6, 2018
    risk 0.51 · cvss 7.8 · epss 0.06

    GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is…

  • CVE-2018-7643 · High · Mar 2, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.

  • CVE-2018-7208 · High · Feb 18, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified…

  • CVE-2018-6543 · High · Feb 2, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other…

  • CVE-2017-16997 · High · Dec 18, 2017
    risk 0.51 · cvss 7.8 · epss 0.03

    elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory,…

  • CVE-2017-17126 · High · Dec 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.

  • CVE-2017-17125 · High · Dec 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.

  • CVE-2017-17124 · High · Dec 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service…

  • CVE-2017-17122 · High · Dec 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly…

  • CVE-2017-17121 · High · Dec 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location…

  • CVE-2017-16879 · High · Nov 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

  • CVE-2017-16832 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service…

  • CVE-2017-16831 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or…

  • CVE-2017-16830 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other…

  • CVE-2017-16829 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and…

  • CVE-2017-16828 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to…

  • CVE-2017-16827 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified…

Page 2 of 23