Filtered by vendor Gnu
Subscriptions
Total
1068 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-10326 | 1 Gnu | 1 Osip | 2024-08-06 | N/A |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. | ||||
CVE-2016-10325 | 1 Gnu | 1 Osip | 2024-08-06 | N/A |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS. | ||||
CVE-2016-10228 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2024-08-06 | N/A |
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. | ||||
CVE-2016-9401 | 3 Debian, Gnu, Redhat | 9 Debian Linux, Bash, Enterprise Linux and 6 more | 2024-08-06 | 5.5 Medium |
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. | ||||
CVE-2016-8605 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2024-08-06 | N/A |
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. | ||||
CVE-2016-8606 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2024-08-06 | N/A |
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | ||||
CVE-2016-7543 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Bash, Enterprise Linux | 2024-08-06 | N/A |
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | ||||
CVE-2016-7444 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2024-08-06 | N/A |
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. | ||||
CVE-2016-7123 | 1 Gnu | 1 Mailman | 2024-08-06 | N/A |
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators. | ||||
CVE-2016-7098 | 1 Gnu | 1 Wget | 2024-08-06 | N/A |
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. | ||||
CVE-2016-6893 | 2 Gnu, Redhat | 2 Mailman, Enterprise Linux | 2024-08-06 | N/A |
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. | ||||
CVE-2016-6321 | 1 Gnu | 1 Tar | 2024-08-06 | N/A |
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. | ||||
CVE-2016-6323 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Glibc, Opensuse | 2024-08-06 | N/A |
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. | ||||
CVE-2016-6262 | 3 Canonical, Gnu, Opensuse | 4 Ubuntu Linux, Libidn, Leap and 1 more | 2024-08-06 | N/A |
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. | ||||
CVE-2016-6263 | 1 Gnu | 1 Libidn | 2024-08-06 | N/A |
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. | ||||
CVE-2016-6261 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Libidn, Leap | 2024-08-06 | N/A |
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. | ||||
CVE-2016-6131 | 1 Gnu | 1 Libiberty | 2024-08-06 | N/A |
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. | ||||
CVE-2016-5417 | 1 Gnu | 1 Glibc | 2024-08-06 | N/A |
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. | ||||
CVE-2016-4971 | 5 Canonical, Gnu, Oracle and 2 more | 5 Ubuntu Linux, Wget, Solaris and 2 more | 2024-08-06 | 8.8 High |
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. | ||||
CVE-2016-4973 | 1 Gnu | 1 Libssp | 2024-08-06 | N/A |
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature. |