Filtered by vendor Gnu
Subscriptions
Total
1068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30184 | 2 Fedoraproject, Gnu | 2 Fedora, Chess | 2024-08-03 | 7.8 High |
| GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. | ||||
| CVE-2021-28968 | 1 Gnu | 1 Punbb | 2024-08-03 | 5.4 Medium |
| An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message. | ||||
| CVE-2021-28237 | 1 Gnu | 1 Libredwg | 2024-08-03 | 9.8 Critical |
| LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | ||||
| CVE-2021-28236 | 1 Gnu | 1 Libredwg | 2024-08-03 | 7.5 High |
| LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. | ||||
| CVE-2021-27645 | 4 Debian, Fedoraproject, Gnu and 1 more | 4 Debian Linux, Fedora, Glibc and 1 more | 2024-08-03 | 2.5 Low |
| The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. | ||||
| CVE-2021-26937 | 4 Debian, Fedoraproject, Gnu and 1 more | 7 Debian Linux, Fedora, Screen and 4 more | 2024-08-03 | 9.8 Critical |
| encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | ||||
| CVE-2021-20294 | 1 Gnu | 1 Binutils | 2024-08-03 | 7.8 High |
| A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. | ||||
| CVE-2021-20284 | 3 Gnu, Netapp, Redhat | 4 Binutils, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2024-08-03 | 5.5 Medium |
| A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20232 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gnutls, Enterprise Linux | 2024-08-03 | 9.8 Critical |
| A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. | ||||
| CVE-2021-20233 | 4 Fedoraproject, Gnu, Netapp and 1 more | 12 Fedora, Grub2, Ontap Select Deploy Administration Utility and 9 more | 2024-08-03 | 8.2 High |
| A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-20225 | 4 Fedoraproject, Gnu, Netapp and 1 more | 12 Fedora, Grub2, Ontap Select Deploy Administration Utility and 9 more | 2024-08-03 | 6.7 Medium |
| A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-20231 | 4 Fedoraproject, Gnu, Netapp and 1 more | 5 Fedora, Gnutls, Active Iq Unified Manager and 2 more | 2024-08-03 | 9.8 Critical |
| A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. | ||||
| CVE-2021-20197 | 4 Broadcom, Gnu, Netapp and 1 more | 6 Brocade Fabric Operating System Firmware, Binutils, Cloud Backup and 3 more | 2024-08-03 | 6.3 Medium |
| There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | ||||
| CVE-2021-20193 | 1 Gnu | 1 Tar | 2024-08-03 | 5.5 Medium |
| A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-4209 | 3 Gnu, Netapp, Redhat | 6 Gnutls, Active Iq Unified Manager, Hci Bootstrap Os and 3 more | 2024-08-03 | 6.5 Medium |
| A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | ||||
| CVE-2021-3998 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2024-08-03 | 7.5 High |
| A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. | ||||
| CVE-2021-3999 | 4 Debian, Gnu, Netapp and 1 more | 16 Debian Linux, Glibc, E-series Performance Analyzer and 13 more | 2024-08-03 | 7.8 High |
| A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | ||||
| CVE-2021-3981 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Grub2, Enterprise Linux | 2024-08-03 | 3.3 Low |
| A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. | ||||
| CVE-2021-3826 | 3 Fedoraproject, Gnu, Redhat | 4 Fedora, Gcc, Enterprise Linux and 1 more | 2024-08-03 | 6.5 Medium |
| Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | ||||
| CVE-2021-3697 | 2 Gnu, Redhat | 14 Grub2, Codeready Linux Builder, Developer Tools and 11 more | 2024-08-03 | 7.0 High |
| A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | ||||