Vulnerabilities (CVE)

Filtered by vendor Gnu Subscribe
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4476 3 Canonical, Debian, Gnu 3 Ubuntu Linux, Debian Linux, Tar 2021-05-17 7.5 HIGH N/A
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
CVE-2019-14865 2 Gnu, Redhat 3 Grub2, Enterprise Linux, Enterprise Linux Eus 2021-05-17 4.9 MEDIUM 5.5 MEDIUM
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
CVE-2021-20232 3 Fedoraproject, Gnu, Redhat 3 Fedora, Gnutls, Enterprise Linux 2021-05-17 7.5 HIGH 9.8 CRITICAL
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
CVE-2000-0803 1 Gnu 1 Groff 2021-05-10 10.0 HIGH N/A
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
CVE-2021-20294 1 Gnu 1 Binutils 2021-05-09 6.8 MEDIUM 7.8 HIGH
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
CVE-2021-27851 1 Gnu 1 Guix 2021-05-07 2.1 LOW 5.5 MEDIUM
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.
CVE-2021-31879 1 Gnu 1 Wget 2021-05-06 5.8 MEDIUM 6.1 MEDIUM
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
CVE-2019-25013 4 Apache, Fedoraproject, Gnu and 1 more 10 Kafka, Fedora, Glibc and 7 more 2021-05-06 7.1 HIGH 5.9 MEDIUM
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVE-2016-4971 4 Canonical, Gnu, Oracle and 1 more 4 Ubuntu Linux, Wget, Solaris and 1 more 2021-05-05 4.3 MEDIUM 8.8 HIGH
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
CVE-2021-3466 3 Fedoraproject, Gnu, Redhat 3 Fedora, Libmicrohttpd, Enterprise Linux 2021-05-05 10.0 HIGH 9.8 CRITICAL
A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2015-0235 6 Apple, Debian, Gnu and 3 more 17 Mac Os X, Debian Linux, Glibc and 14 more 2021-05-04 10.0 HIGH N/A
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
CVE-2021-30184 2 Fedoraproject, Gnu 2 Fedora, Chess 2021-05-04 6.8 MEDIUM 7.8 HIGH
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.
CVE-2021-3487 3 Fedoraproject, Gnu, Redhat 3 Fedora, Binutils, Enterprise Linux 2021-05-04 7.1 HIGH 6.5 MEDIUM
There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.
CVE-2020-15707 6 Canonical, Debian, Gnu and 3 more 13 Ubuntu Linux, Debian Linux, Grub2 and 10 more 2021-05-01 4.4 MEDIUM 6.4 MEDIUM
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2020-14308 1 Gnu 1 Grub2 2021-05-01 4.4 MEDIUM 6.4 MEDIUM
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
CVE-2020-27779 3 Fedoraproject, Gnu, Redhat 7 Fedora, Grub2, Enterprise Linux and 4 more 2021-05-01 6.9 MEDIUM 7.5 HIGH
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-15706 6 Canonical, Debian, Gnu and 3 more 13 Ubuntu Linux, Debian Linux, Grub2 and 10 more 2021-05-01 4.4 MEDIUM 6.4 MEDIUM
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2021-20225 3 Fedoraproject, Gnu, Redhat 7 Fedora, Grub2, Enterprise Linux and 4 more 2021-05-01 7.2 HIGH 6.7 MEDIUM
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-25647 3 Fedoraproject, Gnu, Redhat 7 Fedora, Grub2, Enterprise Linux and 4 more 2021-05-01 7.2 HIGH 7.6 HIGH
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-14311 2 Gnu, Redhat 5 Grub2, Enterprise Linux, Enterprise Linux Eus and 2 more 2021-05-01 3.6 LOW 6.0 MEDIUM
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.