Filtered by vendor Gnu
Subscriptions
Total
1068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1751 | 3 Canonical, Gnu, Redhat | 3 Ubuntu Linux, Glibc, Enterprise Linux | 2024-08-04 | 5.1 Medium |
| An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-46848 | 4 Debian, Fedoraproject, Gnu and 1 more | 5 Debian Linux, Fedora, Libtasn1 and 2 more | 2024-08-04 | 9.1 Critical |
| GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | ||||
| CVE-2021-46195 | 2 Gnu, Redhat | 2 Gcc, Enterprise Linux | 2024-08-04 | 5.5 Medium |
| GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. | ||||
| CVE-2021-46174 | 1 Gnu | 1 Binutils | 2024-08-04 | 7.5 High |
| Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. | ||||
| CVE-2021-46022 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2024-08-04 | 5.5 Medium |
| An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | ||||
| CVE-2021-45950 | 1 Gnu | 1 Libredwg | 2024-08-04 | 6.5 Medium |
| LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). | ||||
| CVE-2021-46021 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2024-08-04 | 5.5 Medium |
| An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | ||||
| CVE-2021-46019 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2024-08-04 | 5.5 Medium |
| An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | ||||
| CVE-2021-45261 | 1 Gnu | 1 Patch | 2024-08-04 | 5.5 Medium |
| An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. | ||||
| CVE-2021-45078 | 5 Debian, Fedoraproject, Gnu and 2 more | 5 Debian Linux, Fedora, Binutils and 2 more | 2024-08-04 | 7.8 High |
| stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. | ||||
| CVE-2021-44227 | 3 Debian, Gnu, Redhat | 5 Debian Linux, Mailman, Enterprise Linux and 2 more | 2024-08-04 | 8.8 High |
| In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | ||||
| CVE-2021-43396 | 2 Gnu, Oracle | 7 Glibc, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more | 2024-08-04 | 7.5 High |
| In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug. | ||||
| CVE-2021-43412 | 1 Gnu | 1 Hurd | 2024-08-04 | 7.8 High |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access. | ||||
| CVE-2021-43411 | 1 Gnu | 1 Hurd | 2024-08-04 | 7.5 High |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access. | ||||
| CVE-2021-43414 | 1 Gnu | 1 Hurd | 2024-08-04 | 7.0 High |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. | ||||
| CVE-2021-43413 | 1 Gnu | 1 Hurd | 2024-08-04 | 8.8 High |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access. | ||||
| CVE-2021-43332 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-08-04 | 6.5 Medium |
| In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. | ||||
| CVE-2021-43331 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-08-04 | 6.1 Medium |
| In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. | ||||
| CVE-2021-42586 | 1 Gnu | 1 Libredwg | 2024-08-04 | 8.8 High |
| A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | ||||
| CVE-2021-42585 | 1 Gnu | 1 Libredwg | 2024-08-04 | 8.8 High |
| A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | ||||