Filtered by vendor Gnu
Subscribe
Total
1065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18224 | 1 Gnu | 1 Libidn2 | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. | |||||
| CVE-2015-1396 | 2 Debian, Gnu | 2 Debian Linux, Patch | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | |||||
| CVE-2019-20013 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec. | |||||
| CVE-2019-14866 | 2 Gnu, Redhat | 2 Cpio, Enterprise Linux | 2024-02-28 | 6.9 MEDIUM | 7.3 HIGH |
| In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. | |||||
| CVE-2020-6614 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. | |||||
| CVE-2019-20010 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. | |||||
| CVE-2019-17544 | 2 Canonical, Gnu | 2 Ubuntu Linux, Aspell | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | |||||
| CVE-2015-0294 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Gnutls, Enterprise Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | |||||
| CVE-2013-4412 | 3 Berlios, Debian, Gnu | 3 Slim, Debian Linux, Glibc | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| slim has NULL pointer dereference when using crypt() method from glibc 2.17 | |||||
| CVE-2019-16200 | 1 Gnu | 1 Serveez | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. | |||||
| CVE-2002-2439 | 1 Gnu | 1 Gcc | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. | |||||
| CVE-2020-6612 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. | |||||
| CVE-2019-20433 | 1 Gnu | 1 Aspell | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. | |||||
| CVE-2019-18862 | 1 Gnu | 1 Mailutils | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | |||||
| CVE-2019-18192 | 1 Gnu | 1 Guix | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. | |||||
| CVE-2019-18397 | 2 Debian, Gnu | 2 Debian Linux, Fribidi | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. | |||||
| CVE-2020-6615 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). | |||||
| CVE-2019-20009 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec. | |||||
| CVE-2015-4042 | 1 Gnu | 1 Coreutils | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. | |||||
| CVE-2020-6611 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. | |||||