Vulnerabilities (CVE)

Filtered by vendor Gnu Subscribe
Total 1065 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-39046 2 Gnu, Netapp 12 Glibc, H300s, H300s Firmware and 9 more 2024-02-04 N/A 5.3 MEDIUM
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
CVE-2023-29491 1 Gnu 1 Ncurses 2024-01-31 N/A 7.8 HIGH
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
CVE-2005-1111 3 Canonical, Debian, Gnu 3 Ubuntu Linux, Debian Linux, Cpio 2024-01-26 3.7 LOW 4.7 MEDIUM
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVE-2023-4806 3 Fedoraproject, Gnu, Redhat 22 Fedora, Glibc, Codeready Linux Builder Eus and 19 more 2024-01-25 N/A 5.9 MEDIUM
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
CVE-2021-3826 2 Fedoraproject, Gnu 2 Fedora, Gcc 2024-01-22 N/A 6.5 MEDIUM
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
CVE-2023-4813 4 Fedoraproject, Gnu, Netapp and 1 more 21 Fedora, Glibc, Active Iq Unified Manager and 18 more 2024-01-21 N/A 5.9 MEDIUM
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
CVE-2022-28734 2 Gnu, Netapp 2 Grub2, Active Iq Unified Manager 2024-01-16 N/A 7.0 HIGH
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
CVE-2021-3981 2 Fedoraproject, Gnu 2 Fedora, Grub2 2024-01-16 2.1 LOW 3.3 LOW
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
CVE-2015-8370 2 Fedoraproject, Gnu 2 Fedora, Grub2 2024-01-16 6.9 MEDIUM N/A
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
CVE-2013-4577 1 Gnu 1 Grub 2024-01-16 2.1 LOW N/A
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
CVE-2009-4128 1 Gnu 1 Grub 2 2024-01-16 7.2 HIGH N/A
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
CVE-2023-26157 1 Gnu 1 Libredwg 2024-01-08 N/A 7.5 HIGH
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
CVE-2023-40303 1 Gnu 1 Inetutils 2024-01-02 N/A 7.8 HIGH
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
CVE-2023-4527 4 Fedoraproject, Gnu, Netapp and 1 more 32 Fedora, Glibc, H300s and 29 more 2023-12-28 N/A 6.5 MEDIUM
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
CVE-2015-1197 1 Gnu 1 Cpio 2023-12-27 1.9 LOW N/A
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
CVE-2006-2362 1 Gnu 1 Binutils 2023-12-22 7.5 HIGH N/A
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
CVE-2013-4412 3 Berlios, Debian, Gnu 3 Slim, Debian Linux, Glibc 2023-12-13 5.0 MEDIUM 7.5 HIGH
slim has NULL pointer dereference when using crypt() method from glibc 2.17
CVE-2020-19190 2 Gnu, Netapp 2 Ncurses, Active Iq Unified Manager 2023-12-13 N/A 6.5 MEDIUM
Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVE-2020-19189 3 Debian, Gnu, Netapp 3 Debian Linux, Ncurses, Active Iq Unified Manager 2023-12-13 N/A 6.5 MEDIUM
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVE-2020-19188 2 Gnu, Netapp 2 Ncurses, Active Iq Unified Manager 2023-12-13 N/A 6.5 MEDIUM
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.