Filtered by vendor Gnu
Subscriptions
Total
1184 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61662 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift | 2026-01-21 | 7.8 High |
| A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded. | ||||
| CVE-2025-66866 | 1 Gnu | 1 Binutils | 2026-01-14 | 5.5 Medium |
| An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | ||||
| CVE-2025-66865 | 1 Gnu | 1 Binutils | 2026-01-14 | 7.5 High |
| An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | ||||
| CVE-2025-66864 | 1 Gnu | 1 Binutils | 2026-01-14 | 5.5 Medium |
| An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | ||||
| CVE-2025-66863 | 1 Gnu | 1 Binutils | 2026-01-14 | 7.5 High |
| An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | ||||
| CVE-2025-66862 | 1 Gnu | 1 Binutils | 2026-01-14 | 7.5 High |
| A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | ||||
| CVE-2025-66861 | 1 Gnu | 1 Binutils | 2026-01-14 | 2.5 Low |
| An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file. | ||||
| CVE-2025-69194 | 1 Gnu | 1 Wget | 2026-01-13 | 8.8 High |
| A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment. | ||||
| CVE-2025-69195 | 1 Gnu | 1 Wget | 2026-01-13 | 7.6 High |
| A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities. | ||||
| CVE-2025-65409 | 1 Gnu | 1 Recutils | 2026-01-09 | 7.5 High |
| A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password. | ||||
| CVE-2025-65411 | 2 Gnu, Unrtf Project | 2 Unrtf, Unrtf | 2026-01-09 | 7.5 High |
| A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter. | ||||
| CVE-2025-1125 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift | 2026-01-08 | 7.8 High |
| When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections. | ||||
| CVE-2025-0689 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift | 2026-01-08 | 7.8 High |
| When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections. | ||||
| CVE-2025-65410 | 2 Gnu, Unrtf Project | 2 Unrtf, Unrtf | 2026-01-06 | 6.2 Medium |
| A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter. | ||||
| CVE-2018-25154 | 1 Gnu | 1 Barcode | 2026-01-05 | 9.8 Critical |
| GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system. | ||||
| CVE-2018-25153 | 1 Gnu | 1 Barcode | 2026-01-05 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the reported issue does not constitute a security vulnerability and represents a minor, non-exploitable memory leak. | ||||
| CVE-2014-6278 | 1 Gnu | 1 Bash | 2025-12-30 | 8.8 High |
| GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | ||||
| CVE-2023-5156 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2025-12-18 | 7.5 High |
| A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. | ||||
| CVE-2018-19591 | 2 Fedoraproject, Gnu | 2 Fedora, Glibc | 2025-12-03 | 7.5 High |
| In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. | ||||
| CVE-2021-20232 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gnutls, Enterprise Linux | 2025-12-03 | 9.8 Critical |
| A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. | ||||