# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-45939 |
78 |
|
Exec Code |
2022-11-28 |
2023-01-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. |
2 |
CVE-2022-45332 |
787 |
|
Overflow |
2022-11-30 |
2022-12-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. |
3 |
CVE-2022-41550 |
190 |
|
Overflow |
2022-10-11 |
2022-10-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. |
4 |
CVE-2022-39832 |
787 |
|
DoS Overflow |
2022-09-05 |
2022-10-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
5 |
CVE-2022-39831 |
787 |
|
DoS Overflow |
2022-09-05 |
2022-10-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230. |
6 |
CVE-2022-39046 |
532 |
|
|
2022-08-31 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. |
7 |
CVE-2022-39028 |
476 |
|
|
2022-08-30 |
2022-11-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. |
8 |
CVE-2022-38533 |
787 |
|
Overflow |
2022-08-26 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. |
9 |
CVE-2022-35164 |
416 |
|
|
2022-08-18 |
2022-08-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. |
10 |
CVE-2022-33034 |
787 |
|
Overflow |
2022-06-23 |
2022-06-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. |
11 |
CVE-2022-33033 |
415 |
|
|
2022-06-23 |
2022-06-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. |
12 |
CVE-2022-33032 |
787 |
|
Overflow |
2022-06-23 |
2023-01-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c. |
13 |
CVE-2022-33028 |
787 |
|
Overflow |
2022-06-23 |
2023-01-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c. |
14 |
CVE-2022-33027 |
416 |
|
|
2022-06-23 |
2023-01-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c. |
15 |
CVE-2022-33026 |
787 |
|
Overflow |
2022-06-23 |
2023-01-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. |
16 |
CVE-2022-33025 |
416 |
|
|
2022-06-23 |
2023-01-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. |
17 |
CVE-2022-33024 |
617 |
|
|
2022-06-23 |
2022-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. |
18 |
CVE-2022-29458 |
125 |
|
|
2022-04-18 |
2022-11-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. |
19 |
CVE-2022-27943 |
400 |
|
|
2022-03-26 |
2022-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. |
20 |
CVE-2022-25310 |
|
|
DoS |
2022-09-06 |
2023-02-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service. |
21 |
CVE-2022-25309 |
787 |
|
DoS Overflow |
2022-09-06 |
2023-02-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service. |
22 |
CVE-2022-25308 |
787 |
|
DoS Overflow |
2022-09-06 |
2023-02-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. |
23 |
CVE-2022-23219 |
120 |
|
DoS Exec Code Overflow |
2022-01-14 |
2022-11-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. |
24 |
CVE-2022-23218 |
120 |
|
DoS Exec Code Overflow |
2022-01-14 |
2022-11-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. |
25 |
CVE-2022-3775 |
787 |
|
Exec Code Mem. Corr. |
2022-12-19 |
2022-12-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. |
26 |
CVE-2022-3715 |
787 |
|
Overflow |
2023-01-05 |
2023-01-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. |
27 |
CVE-2022-2601 |
787 |
|
Overflow |
2022-12-14 |
2023-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. |
28 |
CVE-2022-2509 |
415 |
|
|
2022-08-01 |
2022-08-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. |
29 |
CVE-2022-2469 |
125 |
|
|
2022-07-19 |
2022-10-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client |
30 |
CVE-2022-1271 |
20 |
|
|
2022-08-31 |
2022-10-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. |
31 |
CVE-2021-46848 |
125 |
|
|
2022-10-24 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. |
32 |
CVE-2021-46195 |
674 |
|
DoS |
2022-01-14 |
2022-01-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. |
33 |
CVE-2021-46022 |
416 |
|
|
2022-01-14 |
2022-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. |
34 |
CVE-2021-46021 |
416 |
|
|
2022-01-14 |
2022-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. |
35 |
CVE-2021-46019 |
476 |
|
|
2022-01-14 |
2022-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. |
36 |
CVE-2021-45950 |
787 |
|
|
2022-01-01 |
2022-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). |
37 |
CVE-2021-45261 |
763 |
|
DoS |
2021-12-22 |
2021-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. |
38 |
CVE-2021-45078 |
787 |
|
DoS Overflow |
2021-12-15 |
2022-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. |
39 |
CVE-2021-44227 |
352 |
|
CSRF |
2021-12-02 |
2022-12-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. |
40 |
CVE-2021-43414 |
863 |
|
|
2021-11-07 |
2021-11-09 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. |
41 |
CVE-2021-43413 |
|
|
|
2021-11-07 |
2021-11-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access. |
42 |
CVE-2021-43412 |
416 |
|
|
2021-11-07 |
2021-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access. |
43 |
CVE-2021-43411 |
362 |
|
|
2021-11-07 |
2022-07-12 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access. |
44 |
CVE-2021-43396 |
|
|
|
2021-11-04 |
2022-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug." |
45 |
CVE-2021-43332 |
522 |
|
CSRF |
2021-11-12 |
2022-12-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. |
46 |
CVE-2021-43331 |
79 |
|
XSS |
2021-11-12 |
2022-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. |
47 |
CVE-2021-42586 |
787 |
|
Overflow |
2022-05-23 |
2022-05-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. |
48 |
CVE-2021-42585 |
787 |
|
Overflow |
2022-05-23 |
2022-05-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. |
49 |
CVE-2021-42097 |
352 |
|
+Priv CSRF |
2021-10-21 |
2021-11-05 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). |
50 |
CVE-2021-42096 |
307 |
|
+Priv CSRF |
2021-10-21 |
2021-11-05 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password. |