Filtered by vendor Gnu
Subscribe
Total
1160 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1022 | 2 Gnu, Jgroff | 2 Groff, Jgroff | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command. | |||||
| CVE-2005-1520 | 1 Gnu | 1 Mailutils | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail. | |||||
| CVE-2004-1772 | 1 Gnu | 1 Sharutils | 2025-04-03 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument. | |||||
| CVE-2003-0858 | 2 Gnu, Quagga | 2 Zebra, Quagga Routing Software Suite | 2025-04-03 | 2.1 LOW | N/A |
| Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||
| CVE-2005-2180 | 1 Gnu | 1 Gnats | 2025-04-03 | 2.1 LOW | N/A |
| gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. | |||||
| CVE-2001-1376 | 12 Ascend, Freeradius, Gnu and 9 more | 12 Radius, Freeradius, Radius and 9 more | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. | |||||
| CVE-1999-0017 | 9 Caldera, Freebsd, Gnu and 6 more | 11 Openlinux, Freebsd, Inet and 8 more | 2025-04-03 | 7.5 HIGH | N/A |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | |||||
| CVE-2005-1523 | 1 Gnu | 1 Mailutils | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. | |||||
| CVE-2004-2531 | 1 Gnu | 1 Gnutls | 2025-04-03 | 7.8 HIGH | N/A |
| X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. | |||||
| CVE-2004-0182 | 1 Gnu | 1 Mailman | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field. | |||||
| CVE-2001-1301 | 2 Gnu, Xemacs | 2 Emacs, Xemacs | 2025-04-03 | 1.2 LOW | N/A |
| rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. | |||||
| CVE-2004-1185 | 1 Gnu | 1 Enscript | 2025-04-03 | 7.5 HIGH | N/A |
| Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames. | |||||
| CVE-2022-4285 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Binutils, Enterprise Linux | 2025-03-28 | N/A | 5.5 MEDIUM |
| An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | |||||
| CVE-2022-48303 | 2 Fedoraproject, Gnu | 2 Fedora, Tar | 2025-03-27 | N/A | 5.5 MEDIUM |
| GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. | |||||
| CVE-2023-25139 | 1 Gnu | 1 Glibc | 2025-03-26 | N/A | 9.8 CRITICAL |
| sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. | |||||
| CVE-2022-46663 | 2 Fedoraproject, Gnu | 2 Fedora, Less | 2025-03-25 | N/A | 7.5 HIGH |
| In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. | |||||
| CVE-2025-0678 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift Container Platform | 2025-03-25 | N/A | 7.8 HIGH |
| A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections. | |||||
| CVE-2024-45782 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift Container Platform | 2025-03-25 | N/A | 7.8 HIGH |
| A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass. | |||||
| CVE-2024-45779 | 1 Gnu | 1 Grub2 | 2025-03-25 | N/A | 6.0 MEDIUM |
| An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash. | |||||
| CVE-2023-0361 | 5 Debian, Fedoraproject, Gnu and 2 more | 7 Debian Linux, Fedora, Gnutls and 4 more | 2025-03-19 | N/A | 7.4 HIGH |
| A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. | |||||