Filtered by vendor Gnu
Subscribe
Search
Total
375 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1197 | 1 Gnu | 1 Cpio | 2023-12-27 | 1.9 LOW | N/A |
| cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. | |||||
| CVE-2006-2362 | 1 Gnu | 1 Binutils | 2023-12-22 | 7.5 HIGH | N/A |
| Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character. | |||||
| CVE-2015-0235 | 7 Apple, Debian, Gnu and 4 more | 18 Mac Os X, Debian Linux, Glibc and 15 more | 2022-07-05 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." | |||||
| CVE-2014-7169 | 1 Gnu | 1 Bash | 2021-11-17 | 10.0 HIGH | N/A |
| GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. | |||||
| CVE-2014-6278 | 1 Gnu | 1 Bash | 2021-11-17 | 10.0 HIGH | N/A |
| GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | |||||
| CVE-2013-7423 | 4 Canonical, Gnu, Opensuse and 1 more | 4 Ubuntu Linux, Glibc, Opensuse and 1 more | 2021-09-01 | 5.0 MEDIUM | N/A |
| The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. | |||||
| CVE-2013-1914 | 1 Gnu | 1 Glibc | 2021-09-01 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. | |||||
| CVE-2010-4756 | 1 Gnu | 1 Glibc | 2021-09-01 | 4.0 MEDIUM | N/A |
| The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. | |||||
| CVE-2010-4051 | 1 Gnu | 1 Glibc | 2021-06-18 | 5.0 MEDIUM | N/A |
| The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." | |||||
| CVE-2005-2541 | 1 Gnu | 1 Tar | 2021-06-18 | 10.0 HIGH | N/A |
| Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. | |||||
| CVE-2007-4476 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Tar | 2021-05-17 | 7.5 HIGH | N/A |
| Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | |||||
| CVE-2000-0803 | 1 Gnu | 1 Groff | 2021-05-10 | 10.0 HIGH | N/A |
| GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff. | |||||
| CVE-2011-4862 | 8 Debian, Fedoraproject, Freebsd and 5 more | 10 Debian Linux, Fedora, Freebsd and 7 more | 2021-02-09 | 10.0 HIGH | N/A |
| Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. | |||||
| CVE-2009-3555 | 7 Apache, Canonical, Debian and 4 more | 7 Http Server, Ubuntu Linux, Debian Linux and 4 more | 2021-02-05 | 5.8 MEDIUM | N/A |
| The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | |||||
| CVE-2014-9471 | 2 Canonical, Gnu | 2 Ubuntu Linux, Coreutils | 2020-12-08 | 7.5 HIGH | N/A |
| The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. | |||||
| CVE-2014-3467 | 5 Debian, F5, Gnu and 2 more | 16 Debian Linux, Arx, Arx Firmware and 13 more | 2020-11-16 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. | |||||
| CVE-2014-3468 | 5 Debian, F5, Gnu and 2 more | 16 Debian Linux, Arx, Arx Firmware and 13 more | 2020-11-16 | 7.5 HIGH | N/A |
| The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. | |||||
| CVE-2014-3469 | 4 Debian, Gnu, Redhat and 1 more | 14 Debian Linux, Gnutls, Libtasn1 and 11 more | 2020-11-16 | 5.0 MEDIUM | N/A |
| The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. | |||||
| CVE-2005-4807 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2020-04-01 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. | |||||
| CVE-2005-4808 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2020-04-01 | 7.6 HIGH | N/A |
| Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. | |||||
| CVE-2014-5119 | 2 Debian, Gnu | 2 Debian Linux, Glibc | 2020-03-31 | 7.5 HIGH | N/A |
| Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. | |||||
| CVE-2010-3192 | 1 Gnu | 1 Glibc | 2020-03-31 | 5.0 MEDIUM | N/A |
| Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. | |||||
| CVE-2003-0028 | 10 Cray, Freebsd, Gnu and 7 more | 13 Unicos, Freebsd, Glibc and 10 more | 2020-01-21 | 7.5 HIGH | N/A |
| Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | |||||
| CVE-2005-0758 | 2 Canonical, Gnu | 2 Ubuntu Linux, Gzip | 2019-10-16 | 4.6 MEDIUM | N/A |
| zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | |||||
| CVE-2015-1781 | 4 Canonical, Debian, Gnu and 1 more | 6 Ubuntu Linux, Debian Linux, Glibc and 3 more | 2019-06-17 | 6.8 MEDIUM | N/A |
| Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. | |||||
| CVE-2014-9402 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Glibc, Opensuse | 2019-06-13 | 7.8 HIGH | N/A |
| The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. | |||||
| CVE-2014-4043 | 2 Gnu, Opensuse | 2 Glibc, Opensuse | 2019-06-13 | 7.5 HIGH | N/A |
| The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. | |||||
| CVE-2010-0296 | 1 Gnu | 1 Glibc | 2019-06-13 | 7.2 HIGH | N/A |
| The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. | |||||
| CVE-2012-4412 | 1 Gnu | 1 Glibc | 2019-06-13 | 7.5 HIGH | N/A |
| Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-1472 | 2 Canonical, Gnu | 2 Ubuntu Linux, Glibc | 2019-06-13 | 7.5 HIGH | N/A |
| The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. | |||||
| CVE-2010-3856 | 1 Gnu | 1 Glibc | 2019-06-13 | 7.2 HIGH | N/A |
| ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | |||||
| CVE-2015-6806 | 1 Gnu | 1 Gnu Screen | 2019-06-02 | 5.0 MEDIUM | N/A |
| The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value. | |||||
| CVE-2003-0367 | 2 Debian, Gnu | 2 Debian Linux, Gzip | 2019-05-23 | 2.1 LOW | N/A |
| znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2012-3405 | 3 Canonical, Gnu, Redhat | 4 Ubuntu Linux, Glibc, Enterprise Linux and 1 more | 2019-04-22 | 5.0 MEDIUM | N/A |
| The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. | |||||
| CVE-2012-3406 | 3 Canonical, Gnu, Redhat | 4 Ubuntu Linux, Glibc, Enterprise Linux and 1 more | 2019-04-22 | 6.8 MEDIUM | N/A |
| The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. | |||||
| CVE-2012-3404 | 3 Canonical, Gnu, Redhat | 4 Ubuntu Linux, Glibc, Enterprise Linux and 1 more | 2019-04-22 | 5.0 MEDIUM | N/A |
| The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. | |||||
| CVE-2014-8155 | 1 Gnu | 1 Gnutls | 2019-04-08 | 4.3 MEDIUM | N/A |
| GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. | |||||
| CVE-2015-5276 | 1 Gnu | 1 Gcc | 2019-02-12 | 5.0 MEDIUM | N/A |
| The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. | |||||
| CVE-2012-0035 | 2 Eric M Ludlam, Gnu | 2 Cedet, Emacs | 2018-12-07 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. | |||||
| CVE-2014-8564 | 4 Canonical, Gnu, Opensuse and 1 more | 7 Ubuntu Linux, Gnutls, Opensuse and 4 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. | |||||
| CVE-2014-2524 | 4 Fedoraproject, Gnu, Mageia and 1 more | 4 Fedora, Readline, Mageia and 1 more | 2018-10-30 | 3.3 LOW | N/A |
| The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. | |||||
| CVE-2015-2059 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Libidn, Opensuse | 2018-10-30 | 7.5 HIGH | N/A |
| The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. | |||||
| CVE-2015-3622 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Libtasn1, Opensuse | 2018-10-30 | 4.3 MEDIUM | N/A |
| The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. | |||||
| CVE-2015-4156 | 2 Gnu, Opensuse | 2 Parallel, Opensuse | 2018-10-30 | 3.6 LOW | N/A |
| GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2015-1196 | 3 Gnu, Opensuse, Oracle | 3 Patch, Opensuse, Solaris | 2018-10-30 | 4.3 MEDIUM | N/A |
| GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | |||||
| CVE-2013-4487 | 2 Gnu, Opensuse | 2 Gnutls, Opensuse | 2018-10-30 | 5.0 MEDIUM | N/A |
| Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. | |||||
| CVE-2015-1345 | 2 Gnu, Opensuse | 2 Grep, Opensuse | 2018-10-30 | 2.1 LOW | N/A |
| The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. | |||||
| CVE-2014-7817 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Glibc and 1 more | 2018-10-30 | 4.6 MEDIUM | N/A |
| The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". | |||||
| CVE-2014-9488 | 2 Gnu, Opensuse | 2 Less, Opensuse | 2018-10-30 | 10.0 HIGH | N/A |
| The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. | |||||
| CVE-2001-1376 | 12 Ascend, Freeradius, Gnu and 9 more | 12 Radius, Freeradius, Radius and 9 more | 2018-10-30 | 7.5 HIGH | N/A |
| Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. | |||||