Filtered by vendor Gnu
Subscriptions
Total
1160 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0687 | 1 Gnu | 1 Glibc | 2024-11-25 | 4.6 Medium |
| A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. | ||||
| CVE-2024-52867 | 1 Gnu | 1 Guix | 2024-11-21 | 8.1 High |
| guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability. | ||||
| CVE-2024-0911 | 1 Gnu | 1 Indent | 2024-11-21 | 5.5 Medium |
| A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash. | ||||
| CVE-2024-0684 | 1 Gnu | 1 Coreutils | 2024-11-21 | 5.5 Medium |
| A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service. | ||||
| CVE-2023-4949 | 2 Gnu, Xen | 2 Grub, Xen | 2024-11-21 | 8.1 High |
| An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation. | ||||
| CVE-2023-4156 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gawk, Enterprise Linux | 2024-11-21 | 4.4 Medium |
| A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. | ||||
| CVE-2023-40305 | 1 Gnu | 1 Indent | 2024-11-21 | 5.5 Medium |
| GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file. | ||||
| CVE-2023-40303 | 1 Gnu | 1 Inetutils | 2024-11-21 | 7.8 High |
| GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. | ||||
| CVE-2023-39130 | 1 Gnu | 1 Gdb | 2024-11-21 | 5.5 Medium |
| GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. | ||||
| CVE-2023-39129 | 1 Gnu | 1 Gdb | 2024-11-21 | 5.5 Medium |
| GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. | ||||
| CVE-2023-39128 | 1 Gnu | 1 Gdb | 2024-11-21 | 5.5 Medium |
| GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. | ||||
| CVE-2023-2789 | 1 Gnu | 1 Cflow | 2024-11-21 | 3.5 Low |
| A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-26157 | 1 Gnu | 1 Libredwg | 2024-11-21 | 5.5 Medium |
| Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. | ||||
| CVE-2022-48065 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 5.5 Medium |
| GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. | ||||
| CVE-2022-48064 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 5.5 Medium |
| GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | ||||
| CVE-2022-48063 | 1 Gnu | 1 Binutils | 2024-11-21 | 5.5 Medium |
| GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | ||||
| CVE-2022-47696 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. | ||||
| CVE-2022-47695 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. | ||||
| CVE-2022-47673 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
| An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. | ||||
| CVE-2022-47011 | 1 Gnu | 1 Binutils | 2024-11-21 | 5.5 Medium |
| An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | ||||