Filtered by vendor Gnu
Subscriptions
Total
1107 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3696 | 3 Gnu, Netapp, Redhat | 15 Grub2, Ontap Select Deploy Administration Utility, Codeready Linux Builder and 12 more | 2024-11-21 | 4.5 Medium |
| A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | ||||
| CVE-2021-3695 | 4 Fedoraproject, Gnu, Netapp and 1 more | 16 Fedora, Grub2, Ontap Select Deploy Administration Utility and 13 more | 2024-11-21 | 4.5 Medium |
| A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | ||||
| CVE-2021-3530 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 7.5 High |
| A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. | ||||
| CVE-2021-3466 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Libmicrohttpd, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. | ||||
| CVE-2021-3418 | 1 Gnu | 1 Grub2 | 2024-11-21 | 6.4 Medium |
| If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism. | ||||
| CVE-2021-39537 | 2 Apple, Gnu | 3 Mac Os X, Macos, Ncurses | 2024-11-21 | 8.8 High |
| An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. | ||||
| CVE-2021-39530 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow. | ||||
| CVE-2021-39528 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free. | ||||
| CVE-2021-39527 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow. | ||||
| CVE-2021-39525 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow. | ||||
| CVE-2021-39523 | 1 Gnu | 1 Libredwg | 2024-11-21 | 6.5 Medium |
| An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service. | ||||
| CVE-2021-39522 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow. | ||||
| CVE-2021-39521 | 1 Gnu | 1 Libredwg | 2024-11-21 | 6.5 Medium |
| An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service. | ||||
| CVE-2021-37322 | 1 Gnu | 2 Binutils, Gcc | 2024-11-21 | 7.8 High |
| GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. | ||||
| CVE-2021-36080 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). | ||||
| CVE-2021-33574 | 5 Debian, Fedoraproject, Gnu and 2 more | 21 Debian Linux, Fedora, Glibc and 18 more | 2024-11-21 | 9.8 Critical |
| The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | ||||
| CVE-2021-32256 | 1 Gnu | 1 Binutils | 2024-11-21 | 6.5 Medium |
| An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. | ||||
| CVE-2021-31879 | 3 Broadcom, Gnu, Netapp | 8 Brocade Fabric Operating System Firmware, Wget, 500f and 5 more | 2024-11-21 | 6.1 Medium |
| GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. | ||||
| CVE-2021-28968 | 1 Gnu | 1 Punbb | 2024-11-21 | 5.4 Medium |
| An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message. | ||||
| CVE-2021-28237 | 1 Gnu | 1 Libredwg | 2024-11-21 | 9.8 Critical |
| LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | ||||