Filtered by vendor Gnu
Subscribe
Total
333 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43411 | 1 Gnu | 1 Hurd | 2023-12-10 | 8.5 HIGH | 7.5 HIGH |
An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access. | |||||
CVE-2021-43413 | 1 Gnu | 1 Hurd | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access. | |||||
CVE-2021-43412 | 1 Gnu | 1 Hurd | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access. | |||||
CVE-2021-39528 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free. | |||||
CVE-2021-44227 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | |||||
CVE-2021-3530 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. | |||||
CVE-2020-21813 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114. | |||||
CVE-2021-38185 | 1 Gnu | 1 Cpio | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data. | |||||
CVE-2020-21827 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379. | |||||
CVE-2020-21836 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175. | |||||
CVE-2020-21819 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51. | |||||
CVE-2020-21814 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97. | |||||
CVE-2020-21841 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135. | |||||
CVE-2020-18395 | 1 Gnu | 1 Gama | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs. | |||||
CVE-2020-21816 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46. | |||||
CVE-2020-21818 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48. | |||||
CVE-2020-21831 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637. | |||||
CVE-2020-21844 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580. | |||||
CVE-2021-36080 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). | |||||
CVE-2020-21838 | 1 Gnu | 1 Libredwg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842. |