Filtered by vendor Gnu
Subscribe
Total
1065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6952 | 1 Gnu | 1 Patch | 2019-04-17 | 5.0 MEDIUM | 7.5 HIGH |
| A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | |||||
| CVE-2018-6951 | 2 Canonical, Gnu | 2 Ubuntu Linux, Patch | 2019-04-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. | |||||
| CVE-2005-3590 | 1 Gnu | 1 Glibc | 2019-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. | |||||
| CVE-2006-7254 | 1 Gnu | 1 Glibc | 2019-04-11 | 2.1 LOW | 5.5 MEDIUM |
| The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | |||||
| CVE-2017-1000409 | 1 Gnu | 1 Glibc | 2019-04-04 | 6.9 MEDIUM | 7.0 HIGH |
| A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. | |||||
| CVE-2018-0494 | 4 Canonical, Debian, Gnu and 1 more | 6 Ubuntu Linux, Debian Linux, Wget and 3 more | 2019-03-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. | |||||
| CVE-2015-5276 | 1 Gnu | 1 Gcc | 2019-02-12 | 5.0 MEDIUM | N/A |
| The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. | |||||
| CVE-2019-6455 | 1 Gnu | 1 Recutils | 2019-01-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c. | |||||
| CVE-2019-6456 | 1 Gnu | 1 Recutils | 2019-01-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a. | |||||
| CVE-2019-6460 | 1 Gnu | 1 Recutils | 2019-01-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a. | |||||
| CVE-2018-20430 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2019-01-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. | |||||
| CVE-2018-20431 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2019-01-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. | |||||
| CVE-2012-0035 | 2 Eric M Ludlam, Gnu | 2 Cedet, Emacs | 2018-12-07 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. | |||||
| CVE-2017-18201 | 1 Gnu | 1 Libcdio | 2018-10-31 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. | |||||
| CVE-2017-18199 | 1 Gnu | 1 Libcdio | 2018-10-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. | |||||
| CVE-2017-18198 | 1 Gnu | 1 Libcdio | 2018-10-31 | 6.8 MEDIUM | 8.8 HIGH |
| print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. | |||||
| CVE-2015-8778 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. | |||||
| CVE-2015-8776 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2018-10-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. | |||||
| CVE-2015-8779 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. | |||||
| CVE-2015-4156 | 2 Gnu, Opensuse | 2 Parallel, Opensuse | 2018-10-30 | 3.6 LOW | N/A |
| GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||