Filtered by vendor Gnu
Subscribe
Total
61 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-10685 | 1 Gnu | 1 Ncurses | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | |||||
CVE-2014-9984 | 1 Gnu | 1 Glibc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. | |||||
CVE-2017-14062 | 2 Debian, Gnu | 2 Debian Linux, Libidn2 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |||||
CVE-2017-14061 | 1 Gnu | 1 Libidn2 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |||||
CVE-2017-15670 | 1 Gnu | 1 Glibc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. | |||||
CVE-2017-10684 | 1 Gnu | 1 Ncurses | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | |||||
CVE-2017-7226 | 1 Gnu | 1 Binutils | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. | |||||
CVE-2016-10324 | 1 Gnu | 1 Osip | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. | |||||
CVE-2014-9939 | 1 Gnu | 1 Binutils | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. | |||||
CVE-2017-6969 | 1 Gnu | 1 Binutils | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. | |||||
CVE-2015-8972 | 1 Gnu | 1 Chess | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode. | |||||
CVE-2017-7614 | 1 Gnu | 1 Binutils | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. | |||||
CVE-2017-5334 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. | |||||
CVE-2017-5336 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. | |||||
CVE-2017-5337 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | |||||
CVE-2016-8606 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | |||||
CVE-2015-8778 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. | |||||
CVE-2015-8779 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. | |||||
CVE-2014-9761 | 5 Canonical, Fedoraproject, Gnu and 2 more | 9 Ubuntu Linux, Fedora, Glibc and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. | |||||
CVE-2015-8776 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. |