Filtered by vendor Gnu
Subscriptions
Total
1183 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0092 | 2 Gnu, Redhat | 5 Gnutls, Enterprise Linux, Rhel Els and 2 more | 2025-04-12 | N/A |
| lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | ||||
| CVE-2015-5276 | 1 Gnu | 1 Gcc | 2025-04-12 | N/A |
| The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. | ||||
| CVE-2015-6806 | 1 Gnu | 1 Gnu Screen | 2025-04-12 | N/A |
| The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value. | ||||
| CVE-2016-3706 | 2 Gnu, Opensuse | 2 Glibc, Opensuse | 2025-04-12 | 7.5 High |
| Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. | ||||
| CVE-2014-4877 | 2 Gnu, Redhat | 3 Wget, Enterprise Linux, Rhel Eus | 2025-04-12 | N/A |
| Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. | ||||
| CVE-2014-9112 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Cpio, Enterprise Linux | 2025-04-12 | N/A |
| Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. | ||||
| CVE-2014-9471 | 2 Canonical, Gnu | 2 Ubuntu Linux, Coreutils | 2025-04-12 | N/A |
| The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. | ||||
| CVE-2014-4043 | 2 Gnu, Opensuse | 2 Glibc, Opensuse | 2025-04-12 | N/A |
| The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. | ||||
| CVE-2016-7444 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-12 | N/A |
| The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. | ||||
| CVE-2014-0466 | 1 Gnu | 1 A2ps | 2025-04-12 | N/A |
| The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file. | ||||
| CVE-2014-2524 | 4 Fedoraproject, Gnu, Mageia and 1 more | 4 Fedora, Readline, Mageia and 1 more | 2025-04-12 | N/A |
| The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. | ||||
| CVE-2016-4971 | 5 Canonical, Gnu, Oracle and 2 more | 5 Ubuntu Linux, Wget, Solaris and 2 more | 2025-04-12 | 8.8 High |
| GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. | ||||
| CVE-2016-6323 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Glibc, Opensuse | 2025-04-12 | N/A |
| The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. | ||||
| CVE-2014-3466 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-12 | N/A |
| Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. | ||||
| CVE-2016-2037 | 2 Debian, Gnu | 2 Debian Linux, Cpio | 2025-04-12 | N/A |
| The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. | ||||
| CVE-2025-1176 | 1 Gnu | 1 Binutils | 2025-04-11 | 5 Medium |
| A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2011-4128 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-11 | N/A |
| Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. | ||||
| CVE-2013-4332 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2025-04-11 | N/A |
| Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. | ||||
| CVE-2010-2056 | 1 Gnu | 1 Gv | 2025-04-11 | N/A |
| GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2010-3192 | 1 Gnu | 1 Glibc | 2025-04-11 | N/A |
| Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. | ||||