| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-27943 |
400 |
|
|
2022-03-26 |
2022-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. |
|
2 |
CVE-2021-46195 |
674 |
|
DoS |
2022-01-14 |
2022-01-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. |
|
3 |
CVE-2021-46022 |
416 |
|
|
2022-01-14 |
2022-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. |
|
4 |
CVE-2021-46021 |
416 |
|
|
2022-01-14 |
2022-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. |
|
5 |
CVE-2021-46019 |
476 |
|
|
2022-01-14 |
2022-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. |
|
6 |
CVE-2021-45950 |
787 |
|
|
2022-01-01 |
2022-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). |
|
7 |
CVE-2021-45261 |
763 |
|
DoS |
2021-12-22 |
2021-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. |
|
8 |
CVE-2021-43332 |
522 |
|
CSRF |
2021-11-12 |
2022-12-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. |
|
9 |
CVE-2021-43331 |
79 |
|
XSS |
2021-11-12 |
2022-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. |
|
10 |
CVE-2021-42096 |
307 |
|
+Priv CSRF |
2021-10-21 |
2021-11-05 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password. |
|
11 |
CVE-2021-40491 |
345 |
|
|
2021-09-03 |
2022-11-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. |
|
12 |
CVE-2021-39523 |
476 |
|
DoS |
2021-09-20 |
2021-09-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service. |
|
13 |
CVE-2021-39521 |
476 |
|
DoS |
2021-09-20 |
2021-09-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service. |
|
14 |
CVE-2021-20284 |
787 |
|
Overflow |
2021-03-26 |
2022-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. |
|
15 |
CVE-2021-20193 |
125 |
|
|
2021-03-26 |
2021-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. |
|
16 |
CVE-2021-3697 |
787 |
|
Exec Code |
2022-07-06 |
2022-10-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. |
|
17 |
CVE-2021-3695 |
787 |
|
Exec Code Mem. Corr. |
2022-07-06 |
2022-10-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. |
|
18 |
CVE-2021-3418 |
281 |
|
|
2021-03-15 |
2021-03-22 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism. |
|
19 |
CVE-2020-35507 |
476 |
|
|
2021-01-04 |
2023-01-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. |
|
20 |
CVE-2020-35496 |
476 |
|
|
2021-01-04 |
2022-09-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. |
|
21 |
CVE-2020-35495 |
476 |
|
|
2021-01-04 |
2022-09-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. |
|
22 |
CVE-2020-35493 |
20 |
|
Overflow |
2021-01-04 |
2022-09-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. |
|
23 |
CVE-2020-35448 |
125 |
|
|
2020-12-27 |
2022-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. |
|
24 |
CVE-2020-23861 |
787 |
|
DoS Overflow |
2021-05-18 |
2021-05-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file. |
|
25 |
CVE-2020-21839 |
401 |
|
|
2021-05-17 |
2022-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638. |
|
26 |
CVE-2020-21835 |
476 |
|
|
2021-05-17 |
2021-05-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337. |
|
27 |
CVE-2020-21834 |
787 |
|
|
2021-05-17 |
2021-05-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164. |
|
28 |
CVE-2020-21817 |
476 |
|
DoS |
2021-05-17 |
2021-05-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service (application crash). |
|
29 |
CVE-2020-21815 |
476 |
|
DoS |
2021-05-17 |
2021-05-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash). |
|
30 |
CVE-2020-16599 |
476 |
|
DoS |
2020-12-09 |
2022-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. |
|
31 |
CVE-2020-16593 |
476 |
|
DoS |
2020-12-09 |
2022-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. |
|
32 |
CVE-2020-16592 |
416 |
|
DoS |
2020-12-09 |
2022-10-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. |
|
33 |
CVE-2020-16591 |
125 |
|
DoS |
2020-12-09 |
2022-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. |
|
34 |
CVE-2020-16590 |
415 |
|
|
2020-12-09 |
2022-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. |
|
35 |
CVE-2020-15807 |
476 |
|
|
2020-07-17 |
2020-07-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files. |
|
36 |
CVE-2020-15707 |
362 |
|
Exec Code Overflow Bypass |
2020-07-29 |
2021-09-13 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. |
|
37 |
CVE-2020-15706 |
362 |
|
Exec Code Bypass |
2020-07-29 |
2022-11-16 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. |
|
38 |
CVE-2020-15705 |
347 |
|
Bypass |
2020-07-29 |
2022-04-18 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. |
|
39 |
CVE-2020-14309 |
787 |
|
Overflow |
2020-07-30 |
2022-04-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. |
|
40 |
CVE-2020-14308 |
190 |
|
Overflow |
2020-07-29 |
2022-04-18 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. |
|
41 |
CVE-2020-12137 |
79 |
|
Exec Code XSS |
2020-04-24 |
2022-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. |
|
42 |
CVE-2020-12108 |
74 |
|
|
2020-05-06 |
2021-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. |
|
43 |
CVE-2020-10713 |
120 |
|
Exec Code Overflow Bypass |
2020-07-30 |
2022-11-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
|
44 |
CVE-2020-6615 |
476 |
|
|
2020-01-08 |
2022-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). |
|
45 |
CVE-2020-6611 |
476 |
|
|
2020-01-08 |
2022-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. |
|
46 |
CVE-2020-6610 |
770 |
|
|
2020-01-08 |
2022-01-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. |
|
47 |
CVE-2019-1010204 |
125 |
|
DoS |
2019-07-23 |
2022-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. |
|
48 |
CVE-2019-25051 |
787 |
|
Overflow |
2021-07-20 |
2021-09-20 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). |
|
49 |
CVE-2019-20911 |
835 |
|
DoS |
2020-07-16 |
2020-07-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop. |
|
50 |
CVE-2019-20633 |
415 |
|
DoS |
2020-03-25 |
2020-11-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. |
