Filtered by vendor Gnu
Subscribe
Total
1065 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-33033 | 1 Gnu | 1 Libredwg | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. | |||||
CVE-2022-33034 | 1 Gnu | 1 Libredwg | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. | |||||
CVE-2021-42585 | 1 Gnu | 1 Libredwg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | |||||
CVE-2022-27943 | 2 Fedoraproject, Gnu | 2 Fedora, Gcc | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | |||||
CVE-2021-39528 | 1 Gnu | 1 Libredwg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free. | |||||
CVE-2021-43412 | 1 Gnu | 1 Hurd | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access. | |||||
CVE-2021-39530 | 1 Gnu | 1 Libredwg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow. | |||||
CVE-2021-43331 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. | |||||
CVE-2021-39523 | 1 Gnu | 1 Libredwg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service. | |||||
CVE-2021-28237 | 1 Gnu | 1 Libredwg | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | |||||
CVE-2021-45950 | 1 Gnu | 1 Libredwg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). | |||||
CVE-2021-42096 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password. | |||||
CVE-2021-39521 | 1 Gnu | 1 Libredwg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service. | |||||
CVE-2021-43414 | 1 Gnu | 1 Hurd | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. | |||||
CVE-2021-42097 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-02-28 | 8.5 HIGH | 8.0 HIGH |
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). | |||||
CVE-2021-44227 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | |||||
CVE-2021-39527 | 1 Gnu | 1 Libredwg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow. | |||||
CVE-2021-37322 | 1 Gnu | 2 Binutils, Gcc | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. | |||||
CVE-2021-45078 | 5 Debian, Fedoraproject, Gnu and 2 more | 5 Debian Linux, Fedora, Binutils and 2 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. | |||||
CVE-2021-46022 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. |