Filtered by vendor Gnu
Subscribe
Total
378 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6251 | 2 Debian, Gnu | 2 Debian Linux, Gnutls | 2023-12-10 | 5.0 MEDIUM | N/A |
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. | |||||
CVE-2015-3622 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Libtasn1, Opensuse | 2023-12-10 | 4.3 MEDIUM | N/A |
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. | |||||
CVE-2015-4156 | 2 Gnu, Opensuse | 2 Parallel, Opensuse | 2023-12-10 | 3.6 LOW | N/A |
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2015-5277 | 3 Canonical, Gnu, Redhat | 6 Ubuntu Linux, Glibc, Enterprise Linux Desktop and 3 more | 2023-12-10 | 7.2 HIGH | N/A |
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. | |||||
CVE-2015-4155 | 1 Gnu | 1 Parallel | 2023-12-10 | 3.6 LOW | N/A |
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2015-6806 | 1 Gnu | 1 Gnu Screen | 2023-12-10 | 5.0 MEDIUM | N/A |
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value. | |||||
CVE-2013-7424 | 1 Gnu | 1 Glibc | 2023-12-10 | 5.1 MEDIUM | N/A |
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. | |||||
CVE-2015-1781 | 4 Canonical, Debian, Gnu and 1 more | 6 Ubuntu Linux, Debian Linux, Glibc and 3 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. | |||||
CVE-2014-9112 | 2 Debian, Gnu | 2 Debian Linux, Cpio | 2023-12-10 | 5.0 MEDIUM | N/A |
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. | |||||
CVE-2009-5138 | 1 Gnu | 1 Gnutls | 2023-12-10 | 5.8 MEDIUM | N/A |
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. | |||||
CVE-2014-3467 | 5 Debian, F5, Gnu and 2 more | 16 Debian Linux, Arx, Arx Firmware and 13 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. | |||||
CVE-2014-4877 | 1 Gnu | 1 Wget | 2023-12-10 | 9.3 HIGH | N/A |
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. | |||||
CVE-2014-6040 | 1 Gnu | 1 Glibc | 2023-12-10 | 5.0 MEDIUM | N/A |
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. | |||||
CVE-2014-9471 | 2 Canonical, Gnu | 2 Ubuntu Linux, Coreutils | 2023-12-10 | 7.5 HIGH | N/A |
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. | |||||
CVE-2012-3406 | 3 Canonical, Gnu, Redhat | 4 Ubuntu Linux, Glibc, Enterprise Linux and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. | |||||
CVE-2014-6278 | 1 Gnu | 1 Bash | 2023-12-10 | 10.0 HIGH | N/A |
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | |||||
CVE-2014-8501 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2023-12-10 | 7.5 HIGH | N/A |
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. | |||||
CVE-2010-4226 | 2 Gnu, Opensuse | 2 Cpio, Opensuse | 2023-12-10 | 5.0 MEDIUM | N/A |
cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive. | |||||
CVE-2014-0466 | 1 Gnu | 1 A2ps | 2023-12-10 | 6.8 MEDIUM | N/A |
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file. | |||||
CVE-2014-3469 | 4 Debian, Gnu, Redhat and 1 more | 14 Debian Linux, Gnutls, Libtasn1 and 11 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. |