Filtered by vendor Gnu
Subscribe
Total
1065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25584 | 1 Gnu | 1 Binutils | 2024-02-28 | N/A | 7.1 HIGH |
| An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. | |||||
| CVE-2021-34337 | 1 Gnu | 1 Mailman | 2024-02-28 | N/A | 6.3 MEDIUM |
| An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces. | |||||
| CVE-2023-2491 | 2 Gnu, Redhat | 5 Emacs, Enterprise Linux, Enterprise Linux Eus and 2 more | 2024-02-28 | N/A | 7.8 HIGH |
| A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. | |||||
| CVE-2023-1579 | 1 Gnu | 1 Binutils | 2024-02-28 | N/A | 7.8 HIGH |
| Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | |||||
| CVE-2023-36272 | 1 Gnu | 1 Libredwg | 2024-02-28 | N/A | 8.8 HIGH |
| LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. | |||||
| CVE-2023-1972 | 1 Gnu | 1 Binutils | 2024-02-28 | N/A | 6.5 MEDIUM |
| A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. | |||||
| CVE-2015-20109 | 1 Gnu | 1 Glibc | 2024-02-28 | N/A | 5.5 MEDIUM |
| end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. | |||||
| CVE-2023-28617 | 1 Gnu | 1 Org Mode | 2024-02-28 | N/A | 7.8 HIGH |
| org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | |||||
| CVE-2023-29491 | 1 Gnu | 1 Ncurses | 2024-02-28 | N/A | 7.8 HIGH |
| ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | |||||
| CVE-2023-36274 | 1 Gnu | 1 Libredwg | 2024-02-28 | N/A | 8.8 HIGH |
| LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. | |||||
| CVE-2023-36273 | 1 Gnu | 1 Libredwg | 2024-02-28 | N/A | 8.8 HIGH |
| LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | |||||
| CVE-2023-24626 | 1 Gnu | 1 Screen | 2024-02-28 | N/A | 6.5 MEDIUM |
| socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. | |||||
| CVE-2023-36271 | 1 Gnu | 1 Libredwg | 2024-02-28 | N/A | 8.8 HIGH |
| LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. | |||||
| CVE-2022-48339 | 1 Gnu | 1 Emacs | 2024-02-28 | N/A | 7.8 HIGH |
| An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | |||||
| CVE-2022-48337 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2024-02-28 | N/A | 9.8 CRITICAL |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
| CVE-2022-4285 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Binutils, Enterprise Linux | 2024-02-28 | N/A | 5.5 MEDIUM |
| An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | |||||
| CVE-2022-48338 | 1 Gnu | 1 Emacs | 2024-02-28 | N/A | 7.3 HIGH |
| An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | |||||
| CVE-2022-46663 | 2 Fedoraproject, Gnu | 2 Fedora, Less | 2024-02-28 | N/A | 7.5 HIGH |
| In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. | |||||
| CVE-2022-45939 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Emacs | 2024-02-28 | N/A | 7.8 HIGH |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
| CVE-2022-3775 | 2 Gnu, Redhat | 2 Grub2, Enterprise Linux | 2024-02-28 | N/A | 7.1 HIGH |
| When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. | |||||