Filtered by vendor Gnu
Subscriptions
Total
1198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45939 | 4 Debian, Fedoraproject, Gnu and 1 more | 5 Debian Linux, Fedora, Emacs and 2 more | 2025-04-28 | 7.8 High |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | ||||
| CVE-2025-43921 | 1 Gnu | 1 Mailman | 2025-04-28 | 5.3 Medium |
| GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. | ||||
| CVE-2025-43920 | 1 Gnu | 1 Mailman | 2025-04-28 | 5.4 Medium |
| GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. | ||||
| CVE-2025-43919 | 1 Gnu | 1 Mailman | 2025-04-28 | 5.8 Medium |
| GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. | ||||
| CVE-2022-45332 | 1 Gnu | 1 Libredwg | 2025-04-24 | 7.8 High |
| LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. | ||||
| CVE-2024-38428 | 2 Gnu, Redhat | 6 Wget, Enterprise Linux, Rhel Aus and 3 more | 2025-04-21 | 9.1 Critical |
| url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. | ||||
| CVE-2016-7543 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Bash, Enterprise Linux | 2025-04-20 | N/A |
| Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | ||||
| CVE-2017-14061 | 1 Gnu | 1 Libidn2 | 2025-04-20 | N/A |
| Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | ||||
| CVE-2017-9038 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. | ||||
| CVE-2017-14940 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. | ||||
| CVE-2017-14939 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. | ||||
| CVE-2017-14934 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. | ||||
| CVE-2017-9044 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. | ||||
| CVE-2017-13728 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2017-13730 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. | ||||
| CVE-2017-15266 | 1 Gnu | 1 Libextractor | 2025-04-20 | N/A |
| In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. | ||||
| CVE-2017-14930 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | ||||
| CVE-2016-4488 | 1 Gnu | 1 Libiberty | 2025-04-20 | N/A |
| Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec." | ||||
| CVE-2017-12133 | 1 Gnu | 1 Glibc | 2025-04-20 | N/A |
| Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path. | ||||
| CVE-2016-8606 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2025-04-20 | N/A |
| The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | ||||