Filtered by vendor Gnu
Subscribe
Total
378 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1473 | 2 Canonical, Gnu | 2 Ubuntu Linux, Glibc | 2023-12-10 | 6.4 MEDIUM | N/A |
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. | |||||
CVE-2012-6656 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Glibc | 2023-12-10 | 5.0 MEDIUM | N/A |
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. | |||||
CVE-2015-2806 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. | |||||
CVE-2012-3410 | 1 Gnu | 1 Bash | 2023-12-10 | 4.6 MEDIUM | N/A |
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix. | |||||
CVE-2013-7039 | 1 Gnu | 1 Libmicrohttpd | 2023-12-10 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. | |||||
CVE-2011-4328 | 1 Gnu | 1 Gnash | 2023-12-10 | 5.0 MEDIUM | N/A |
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information. | |||||
CVE-2013-2116 | 1 Gnu | 1 Gnutls | 2023-12-10 | 5.0 MEDIUM | N/A |
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. | |||||
CVE-2013-4487 | 2 Gnu, Opensuse | 2 Gnutls, Opensuse | 2023-12-10 | 5.0 MEDIUM | N/A |
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. | |||||
CVE-2011-4355 | 1 Gnu | 1 Gdb | 2023-12-10 | 6.9 MEDIUM | N/A |
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. | |||||
CVE-2012-1103 | 2 Gnu, Notmuchmail | 2 Emacs, Notmuch | 2023-12-10 | 4.3 MEDIUM | N/A |
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message. | |||||
CVE-2013-1914 | 1 Gnu | 1 Glibc | 2023-12-10 | 5.0 MEDIUM | N/A |
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. | |||||
CVE-2013-4466 | 1 Gnu | 1 Gnutls | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. | |||||
CVE-2012-3386 | 1 Gnu | 1 Automake | 2023-12-10 | 4.4 MEDIUM | N/A |
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. | |||||
CVE-2012-1573 | 1 Gnu | 1 Gnutls | 2023-12-10 | 5.0 MEDIUM | N/A |
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. | |||||
CVE-2013-1619 | 1 Gnu | 1 Gnutls | 2023-12-10 | 4.0 MEDIUM | N/A |
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | |||||
CVE-2012-4424 | 1 Gnu | 1 Glibc | 2023-12-10 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. | |||||
CVE-2012-4412 | 1 Gnu | 1 Glibc | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. | |||||
CVE-2013-4788 | 1 Gnu | 2 Eglibc, Glibc | 2023-12-10 | 5.1 MEDIUM | N/A |
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. | |||||
CVE-2012-3479 | 1 Gnu | 1 Emacs | 2023-12-10 | 6.8 MEDIUM | N/A |
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. | |||||
CVE-2013-4237 | 1 Gnu | 1 Glibc | 2023-12-10 | 6.8 MEDIUM | N/A |
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. |