Filtered by vendor Gnu
Subscriptions
Total
1073 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28736 | 2 Gnu, Redhat | 4 Grub2, Enterprise Linux, Rhel E4s and 1 more | 2024-11-21 | 6.4 Medium |
| There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved. | ||||
| CVE-2022-28735 | 2 Gnu, Redhat | 4 Grub2, Enterprise Linux, Rhel E4s and 1 more | 2024-11-21 | 6.7 Medium |
| The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. | ||||
| CVE-2022-28734 | 3 Gnu, Netapp, Redhat | 5 Grub2, Active Iq Unified Manager, Enterprise Linux and 2 more | 2024-11-21 | 8.1 High |
| Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata. | ||||
| CVE-2022-28733 | 2 Gnu, Redhat | 5 Grub2, Enterprise Linux, Rhel E4s and 2 more | 2024-11-21 | 8.1 High |
| Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer. | ||||
| CVE-2022-27943 | 2 Fedoraproject, Gnu | 2 Fedora, Gcc | 2024-11-21 | 5.5 Medium |
| libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | ||||
| CVE-2022-25310 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service. | ||||
| CVE-2022-25309 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service. | ||||
| CVE-2022-25308 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. | ||||
| CVE-2022-23219 | 4 Debian, Gnu, Oracle and 1 more | 9 Debian Linux, Glibc, Communications Cloud Native Core Binding Support Function and 6 more | 2024-11-21 | 9.8 Critical |
| The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | ||||
| CVE-2022-23218 | 4 Debian, Gnu, Oracle and 1 more | 5 Debian Linux, Glibc, Communications Cloud Native Core Unified Data Repository and 2 more | 2024-11-21 | 9.8 Critical |
| The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | ||||
| CVE-2022-1271 | 4 Debian, Gnu, Redhat and 1 more | 8 Debian Linux, Gzip, Enterprise Linux and 5 more | 2024-11-21 | 8.8 High |
| An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. | ||||
| CVE-2021-4209 | 3 Gnu, Netapp, Redhat | 6 Gnutls, Active Iq Unified Manager, Hci Bootstrap Os and 3 more | 2024-11-21 | 6.5 Medium |
| A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | ||||
| CVE-2021-46848 | 4 Debian, Fedoraproject, Gnu and 1 more | 5 Debian Linux, Fedora, Libtasn1 and 2 more | 2024-11-21 | 9.1 Critical |
| GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | ||||
| CVE-2021-46705 | 3 Gnu, Opensuse, Suse | 3 Grub2, Factory, Linux Enterprise Server | 2024-11-21 | 5.1 Medium |
| A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1. | ||||
| CVE-2021-46195 | 2 Gnu, Redhat | 2 Gcc, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. | ||||
| CVE-2021-46174 | 2 Binutils, Gnu | 2 Objdump, Binutils | 2024-11-21 | 7.5 High |
| Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. | ||||
| CVE-2021-46022 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2024-11-21 | 5.5 Medium |
| An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | ||||
| CVE-2021-46021 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2024-11-21 | 5.5 Medium |
| An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | ||||
| CVE-2021-46019 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2024-11-21 | 5.5 Medium |
| An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | ||||
| CVE-2021-45950 | 1 Gnu | 1 Libredwg | 2024-11-21 | 6.5 Medium |
| LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). | ||||