CVEdetails.com the ultimate security vulnerability data source

GNU : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2022-45939 78 Exec Code 2022-11-28 2023-01-12
0.0
None ??? ??? ??? ??? ??? ???
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
2 CVE-2022-45332 787 Overflow 2022-11-30 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.
3 CVE-2022-41550 190 Overflow 2022-10-11 2022-10-13
0.0
None ??? ??? ??? ??? ??? ???
GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.
4 CVE-2022-39832 787 DoS Overflow 2022-09-05 2022-10-01
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
5 CVE-2022-39831 787 DoS Overflow 2022-09-05 2022-10-01
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.
6 CVE-2022-39046 532 2022-08-31 2022-12-08
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
7 CVE-2022-39028 476 2022-08-30 2022-11-29
0.0
None ??? ??? ??? ??? ??? ???
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
8 CVE-2022-38533 787 Overflow 2022-08-26 2022-12-08
0.0
None ??? ??? ??? ??? ??? ???
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
9 CVE-2022-35164 416 2022-08-18 2022-08-19
0.0
None ??? ??? ??? ??? ??? ???
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.
10 CVE-2022-33034 787 Overflow 2022-06-23 2022-06-29
6.8
None Remote Medium Not required Partial Partial Partial
LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.
11 CVE-2022-33033 415 2022-06-23 2022-06-29
6.8
None Remote Medium Not required Partial Partial Partial
LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.
12 CVE-2022-33032 787 Overflow 2022-06-23 2023-01-23
6.8
None Remote Medium Not required Partial Partial Partial
LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.
13 CVE-2022-33028 787 Overflow 2022-06-23 2023-01-23
6.8
None Remote Medium Not required Partial Partial Partial
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.
14 CVE-2022-33027 416 2022-06-23 2023-01-23
6.8
None Remote Medium Not required Partial Partial Partial
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.
15 CVE-2022-33026 787 Overflow 2022-06-23 2023-01-23
6.8
None Remote Medium Not required Partial Partial Partial
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
16 CVE-2022-33025 416 2022-06-23 2023-01-23
6.8
None Remote Medium Not required Partial Partial Partial
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.
17 CVE-2022-33024 617 2022-06-23 2022-06-29
5.0
None Remote Low Not required None None Partial
There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.
18 CVE-2022-29458 125 2022-04-18 2022-11-08
5.8
None Remote Medium Not required Partial None Partial
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
19 CVE-2022-27943 400 2022-03-26 2022-12-22
4.3
None Remote Medium Not required None None Partial
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
20 CVE-2022-25310 DoS 2022-09-06 2023-02-02
0.0
None ??? ??? ??? ??? ??? ???
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.
21 CVE-2022-25309 787 DoS Overflow 2022-09-06 2023-02-02
0.0
None ??? ??? ??? ??? ??? ???
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.
22 CVE-2022-25308 787 DoS Overflow 2022-09-06 2023-02-02
0.0
None ??? ??? ??? ??? ??? ???
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
23 CVE-2022-23219 120 DoS Exec Code Overflow 2022-01-14 2022-11-08
7.5
None Remote Low Not required Partial Partial Partial
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
24 CVE-2022-23218 120 DoS Exec Code Overflow 2022-01-14 2022-11-08
7.5
None Remote Low Not required Partial Partial Partial
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
25 CVE-2022-3775 787 Exec Code Mem. Corr. 2022-12-19 2022-12-28
0.0
None ??? ??? ??? ??? ??? ???
When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the given glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input that leads to an out-of-bounds write into grub2's heap, causing memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.
26 CVE-2022-3715 787 Overflow 2023-01-05 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
27 CVE-2022-2601 787 Overflow 2022-12-14 2023-02-03
0.0
None ??? ??? ??? ??? ??? ???
A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can cause an overflow when calculating the max_glyph_size value, so that a smaller than needed buffer is allocated for the glyph; this in turn leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
28 CVE-2022-2509 415 2022-08-01 2022-08-19
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in gnutls. The flaw is a double-free error that occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function.
29 CVE-2022-2469 125 2022-07-19 2022-10-26
0.0
None ??? ??? ??? ??? ??? ???
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
30 CVE-2022-1271 20 2022-08-31 2022-10-07
0.0
None ??? ??? ??? ??? ??? ???
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied to an attacker-chosen file name (for example, a crafted file name), it can write attacker-controlled content to an arbitrary attacker-selected file. The flaw is due to insufficient validation when processing file names with two or more newlines, where the selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
31 CVE-2021-46848 125 2022-10-24 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
32 CVE-2021-46195 674 DoS 2022-01-14 2022-01-22
4.3
None Remote Medium Not required None None Partial
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
33 CVE-2021-46022 416 2022-01-14 2022-09-30
4.3
None Remote Medium Not required None None Partial
A use-after-free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
34 CVE-2021-46021 416 2022-01-14 2022-09-30
4.3
None Remote Medium Not required None None Partial
A use-after-free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
35 CVE-2021-46019 476 2022-01-14 2022-09-30
4.3
None Remote Medium Not required None None Partial
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
36 CVE-2021-45950 787 2022-01-01 2022-01-11
4.3
None Remote Medium Not required None None Partial
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).
37 CVE-2021-45261 763 DoS 2021-12-22 2021-12-28
4.3
None Remote Medium Not required None None Partial
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
38 CVE-2021-45078 787 DoS Overflow 2021-12-15 2022-09-28
6.8
None Remote Medium Not required Partial Partial Partial
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
39 CVE-2021-44227 352 CSRF 2021-12-02 2022-12-09
6.8
None Remote Medium Not required Partial Partial Partial
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
40 CVE-2021-43414 863 2021-11-07 2021-11-09
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access.
41 CVE-2021-43413 2021-11-07 2021-11-09
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access.
42 CVE-2021-43412 416 2021-11-07 2021-11-09
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.
43 CVE-2021-43411 362 2021-11-07 2022-07-12
8.5
None Remote Medium ??? Complete Complete Complete
An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access.
44 CVE-2021-43396 2021-11-04 2022-07-25
5.0
None Remote Low Not required None Partial None
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."
45 CVE-2021-43332 522 CSRF 2021-11-12 2022-12-09
4.0
None Remote Low ??? Partial None None
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
46 CVE-2021-43331 79 XSS 2021-11-12 2022-12-09
4.3
None Remote Medium Not required None Partial None
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
47 CVE-2021-42586 787 Overflow 2022-05-23 2022-05-30
6.8
None Remote Medium Not required Partial Partial Partial
A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
48 CVE-2021-42585 787 Overflow 2022-05-23 2022-05-30
6.8
None Remote Medium Not required Partial Partial Partial
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
49 CVE-2021-42097 352 +Priv CSRF 2021-10-21 2021-11-05
8.5
None Remote Medium ??? Complete Complete Complete
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
50 CVE-2021-42096 307 +Priv CSRF 2021-10-21 2021-11-05
4.0
None Remote Low ??? Partial None None
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
Total number of vulnerabilities: 959. Page: 1.