Filtered by vendor Gnu
Subscriptions
Total
1105 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2781 | 1 Gnu | 1 Coreutils | 2025-06-09 | 4.6 Medium |
| chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | ||||
| CVE-2022-29458 | 3 Apple, Debian, Gnu | 3 Macos, Debian Linux, Ncurses | 2025-06-09 | 7.1 High |
| ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | ||||
| CVE-2022-1271 | 4 Debian, Gnu, Redhat and 1 more | 8 Debian Linux, Gzip, Enterprise Linux and 5 more | 2025-06-09 | 8.8 High |
| An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. | ||||
| CVE-2021-3998 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2025-06-09 | 7.5 High |
| A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. | ||||
| CVE-2021-38185 | 2 Gnu, Redhat | 2 Cpio, Enterprise Linux | 2025-06-09 | 7.8 High |
| GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data. | ||||
| CVE-2021-27645 | 4 Debian, Fedoraproject, Gnu and 1 more | 4 Debian Linux, Fedora, Glibc and 1 more | 2025-06-09 | 2.5 Low |
| The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. | ||||
| CVE-2010-4226 | 2 Gnu, Opensuse | 2 Cpio, Opensuse | 2025-06-09 | 7.2 High |
| cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive. | ||||
| CVE-2023-4806 | 3 Fedoraproject, Gnu, Redhat | 24 Fedora, Glibc, Codeready Linux Builder Eus and 21 more | 2025-06-09 | 5.9 Medium |
| A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. | ||||
| CVE-2024-0567 | 5 Debian, Fedoraproject, Gnu and 2 more | 9 Debian Linux, Fedora, Gnutls and 6 more | 2025-06-02 | 7.5 High |
| A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. | ||||
| CVE-2021-38604 | 3 Fedoraproject, Gnu, Oracle | 8 Fedora, Glibc, Communications Cloud Native Core Binding Support Function and 5 more | 2025-05-30 | 7.5 High |
| In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. | ||||
| CVE-2025-1178 | 2 Gnu, Netapp | 3 Binutils, Active Iq Unified Manager, Ontap Select Deploy Administration Utility | 2025-05-21 | 5.6 Medium |
| A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-1180 | 1 Gnu | 1 Binutils | 2025-05-21 | 3.1 Low |
| A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-1181 | 2 Gnu, Netapp | 3 Binutils, Active Iq Unified Manager, Ontap Select Deploy Administration Utility | 2025-05-21 | 5 Medium |
| A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-1182 | 1 Gnu | 1 Binutils | 2025-05-21 | 5 Medium |
| A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2022-41550 | 1 Gnu | 1 Osip | 2025-05-20 | 6.5 Medium |
| GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. | ||||
| CVE-2025-3198 | 1 Gnu | 1 Binutils | 2025-05-15 | 3.3 Low |
| A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2023-24626 | 1 Gnu | 1 Screen | 2025-05-09 | 6.5 Medium |
| socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. | ||||
| CVE-2021-26937 | 4 Debian, Fedoraproject, Gnu and 1 more | 7 Debian Linux, Fedora, Screen and 4 more | 2025-05-09 | 9.8 Critical |
| encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | ||||
| CVE-2021-46848 | 4 Debian, Fedoraproject, Gnu and 1 more | 5 Debian Linux, Fedora, Libtasn1 and 2 more | 2025-05-07 | 9.1 Critical |
| GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | ||||
| CVE-2023-4911 | 6 Canonical, Debian, Fedoraproject and 3 more | 40 Ubuntu Linux, Debian Linux, Fedora and 37 more | 2025-05-06 | 7.8 High |
| A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | ||||