Filtered by vendor Gnu
Subscriptions
Total
1092 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3418 | 1 Gnu | 1 Grub2 | 2024-11-21 | 6.4 Medium |
| If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism. | ||||
| CVE-2021-3326 | 6 Debian, Fujitsu, Gnu and 3 more | 18 Debian Linux, M10-1, M10-1 Firmware and 15 more | 2024-11-21 | 7.5 High |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | ||||
| CVE-2021-39537 | 2 Apple, Gnu | 3 Mac Os X, Macos, Ncurses | 2024-11-21 | 8.8 High |
| An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. | ||||
| CVE-2021-39530 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow. | ||||
| CVE-2021-39528 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free. | ||||
| CVE-2021-39527 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow. | ||||
| CVE-2021-39525 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow. | ||||
| CVE-2021-39523 | 1 Gnu | 1 Libredwg | 2024-11-21 | 6.5 Medium |
| An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service. | ||||
| CVE-2021-39522 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow. | ||||
| CVE-2021-39521 | 1 Gnu | 1 Libredwg | 2024-11-21 | 6.5 Medium |
| An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service. | ||||
| CVE-2021-38604 | 3 Fedoraproject, Gnu, Oracle | 8 Fedora, Glibc, Communications Cloud Native Core Binding Support Function and 5 more | 2024-11-21 | 7.5 High |
| In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. | ||||
| CVE-2021-38185 | 2 Gnu, Redhat | 2 Cpio, Enterprise Linux | 2024-11-21 | 7.8 High |
| GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data. | ||||
| CVE-2021-37322 | 1 Gnu | 2 Binutils, Gcc | 2024-11-21 | 7.8 High |
| GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. | ||||
| CVE-2021-36080 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
| GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). | ||||
| CVE-2021-33574 | 5 Debian, Fedoraproject, Gnu and 2 more | 21 Debian Linux, Fedora, Glibc and 18 more | 2024-11-21 | 9.8 Critical |
| The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | ||||
| CVE-2021-32256 | 1 Gnu | 1 Binutils | 2024-11-21 | 6.5 Medium |
| An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. | ||||
| CVE-2021-31879 | 3 Broadcom, Gnu, Netapp | 8 Brocade Fabric Operating System Firmware, Wget, 500f and 5 more | 2024-11-21 | 6.1 Medium |
| GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. | ||||
| CVE-2021-28968 | 1 Gnu | 1 Punbb | 2024-11-21 | 5.4 Medium |
| An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message. | ||||
| CVE-2021-28237 | 1 Gnu | 1 Libredwg | 2024-11-21 | 9.8 Critical |
| LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | ||||
| CVE-2021-28236 | 1 Gnu | 1 Libredwg | 2024-11-21 | 7.5 High |
| LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. | ||||