VYPR · Vendor CVEs · GNU · All CVEs

1,137 total · sorted by risk
  • CVE-2024-28835 · Med · Mar 21, 2024
    risk 0.33 · cvss 5.0 · epss 0.00

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

  • CVE-2015-1865 · Med · Sep 20, 2017
    risk 0.33 · cvss 5.1 · epss 0.00

    fts.c in coreutils 8.4 allows local users to delete arbitrary files.

  • CVE-2025-54771 · Med · Nov 18, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this…

  • CVE-2025-54770 · Med · Nov 18, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from…

  • CVE-2026-1858 · Med · Apr 29, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

  • CVE-2025-0577 · Med · Feb 18, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

  • CVE-2005-1111 · Med · May 2, 2005
    risk 0.31 · cvss 4.7 · epss 0.00

    Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

  • CVE-2016-2781 · Med · Feb 7, 2017
    risk 0.30 · cvss 4.6 · epss 0.00

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

  • CVE-2014-9637 · Med · Aug 25, 2017
    risk 0.29 · cvss 5.5 · epss 0.02

    GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

  • CVE-2016-4492 · Med · Feb 24, 2017
    risk 0.29 · cvss 4.4 · epss 0.02

    Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.

  • CVE-2017-11671 · Med · Jul 26, 2017
    risk 0.26 · cvss 4.0 · epss 0.00

    Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can…

  • CVE-2026-32772 · Low · Mar 16, 2026
    risk 0.22 · cvss 3.4 · epss 0.00

    telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

  • CVE-2026-24061 · KEV · Jan 21, 2026
    risk 0.22 · cvss · epss 0.99

    telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

  • CVE-2025-5278 · Med · May 27, 2025
    risk 0.22 · cvss 4.4 · epss 0.00

    A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a…

  • CVE-2026-6042 · Low · Apr 10, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local…

  • CVE-2025-11840 · Low · Oct 16, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be…

  • CVE-2025-11839 · Low · Oct 16, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used…

  • CVE-2025-11495 · Low · Oct 8, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has…

  • CVE-2025-11494 · Low · Oct 8, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made…

  • CVE-2025-11414 · Low · Oct 7, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been…

  • CVE-2025-11413 · Low · Oct 7, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and…

  • CVE-2025-11412 · Low · Oct 7, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been…

  • CVE-2025-11081 · Low · Sep 27, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used.…

  • CVE-2025-8746 · Low · Aug 9, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may…

  • CVE-2025-8735 · Low · Aug 8, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has…

  • CVE-2025-8225 · Low · Jul 27, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The…

  • CVE-2025-8224 · Low · Jul 27, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to…

  • CVE-2025-6141 · Low · Jun 16, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached…

  • CVE-2025-46804 · Low · May 26, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0.

  • CVE-2025-3198 · Low · Apr 4, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached…

  • CVE-2026-3832 · Low · Apr 30, 2026
    risk 0.17 · cvss 3.7 · epss 0.01

    A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with…

  • CVE-2025-1376 · Low · Feb 17, 2025
    risk 0.16 · cvss 2.5 · epss 0.00

    A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the…

  • CVE-2015-0235 · Jan 28, 2015
    risk 0.11 · cvss · epss 0.95

    Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

  • CVE-1999-0016 · Dec 1, 1997
    risk 0.11 · cvss · epss 0.96

    Land IP denial of service.

  • CVE-2014-0556 · Sep 10, 2014
    risk 0.10 · cvss · epss 0.84

    Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and…

  • CVE-2025-24369 · Low · Jan 27, 2025
    risk 0.08 · cvss · epss 0.00

    Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge,…

  • CVE-2015-3080 · May 13, 2015
    risk 0.08 · cvss · epss 0.57

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows…

  • CVE-2014-7187 · Sep 28, 2014
    risk 0.08 · cvss · epss 0.58

    Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the…

  • CVE-2014-7186 · Sep 28, 2014
    risk 0.08 · cvss · epss 0.64

    The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack"…

  • CVE-2014-6277 · Sep 27, 2014
    risk 0.08 · cvss · epss 0.64

    GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write…

  • CVE-2010-4052 · Jan 13, 2011
    risk 0.07 · cvss · epss 0.51

    Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent…

  • CVE-2015-8434 · Dec 10, 2015
    risk 0.06 · cvss · epss 0.43

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows…

  • CVE-2015-8430 · Dec 10, 2015
    risk 0.06 · cvss · epss 0.43

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows…

  • CVE-2015-8428 · Dec 10, 2015
    risk 0.06 · cvss · epss 0.43

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows…

  • CVE-2015-8411 · Dec 10, 2015
    risk 0.06 · cvss · epss 0.32

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows…

  • CVE-2015-8410 · Dec 10, 2015
    risk 0.06 · cvss · epss 0.32

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows…

  • CVE-2015-3083 · May 13, 2015
    risk 0.06 · cvss · epss 0.41

    Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass…

  • CVE-2015-3082 · May 13, 2015
    risk 0.06 · cvss · epss 0.43

    Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass…

  • CVE-2010-4051 · Jan 13, 2011
    risk 0.06 · cvss · epss 0.40

    The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the…

  • CVE-2004-1701 · Aug 9, 2004
    risk 0.05 · cvss · epss 0.20

    Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
