Filtered by vendor Gnu
Subscribe
Total
61 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-20433 | 1 Gnu | 1 Aspell | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. | |||||
CVE-2019-18224 | 1 Gnu | 1 Libidn2 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. | |||||
CVE-2015-4042 | 1 Gnu | 1 Coreutils | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. | |||||
CVE-2012-0824 | 1 Gnu | 1 Gnusound | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
gnusound 0.7.5 has format string issue | |||||
CVE-2019-17544 | 2 Canonical, Gnu | 2 Ubuntu Linux, Aspell | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | |||||
CVE-2020-9366 | 1 Gnu | 1 Screen | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. | |||||
CVE-2005-3590 | 1 Gnu | 1 Glibc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. | |||||
CVE-2019-9775 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec. | |||||
CVE-2019-9774 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c. | |||||
CVE-2019-5953 | 1 Gnu | 1 Wget | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. | |||||
CVE-2018-18751 | 3 Canonical, Gnu, Redhat | 3 Ubuntu Linux, Gettext, Enterprise Linux | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. | |||||
CVE-2019-9169 | 4 Canonical, Gnu, Mcafee and 1 more | 6 Ubuntu Linux, Glibc, Web Gateway and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. | |||||
CVE-2018-6551 | 1 Gnu | 1 Glibc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. | |||||
CVE-2018-6485 | 4 Gnu, Netapp, Oracle and 1 more | 15 Glibc, Cloud Backup, Data Ontap Edge and 12 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | |||||
CVE-2014-5044 | 1 Gnu | 1 Libgfortran | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation. | |||||
CVE-2017-18201 | 1 Gnu | 1 Libcdio | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. | |||||
CVE-2018-11236 | 4 Gnu, Netapp, Oracle and 1 more | 9 Glibc, Data Ontap Edge, Element Software Management and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. | |||||
CVE-2018-12699 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. | |||||
CVE-2017-18269 | 2 Gnu, Linux | 2 Glibc, Linux Kernel | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. | |||||
CVE-2017-15804 | 1 Gnu | 1 Glibc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. |