Filtered by vendor Gnu
Subscriptions
Total
1099 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000408 | 1 Gnu | 1 Glibc | 2024-11-21 | N/A |
| A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. | ||||
| CVE-2016-10739 | 3 Gnu, Opensuse, Redhat | 4 Glibc, Leap, Ansible Tower and 1 more | 2024-11-21 | N/A |
| In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. | ||||
| CVE-2016-10713 | 2 Gnu, Redhat | 2 Patch, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. | ||||
| CVE-2015-8313 | 2 Debian, Gnu | 2 Debian Linux, Gnutls | 2024-11-21 | 5.9 Medium |
| GnuTLS incorrectly validates the first byte of padding in CBC modes | ||||
| CVE-2015-4042 | 1 Gnu | 1 Coreutils | 2024-11-21 | 9.8 Critical |
| Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. | ||||
| CVE-2015-4041 | 1 Gnu | 1 Coreutils | 2024-11-21 | 7.8 High |
| The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. | ||||
| CVE-2015-1396 | 2 Debian, Gnu | 2 Debian Linux, Patch | 2024-11-21 | 7.5 High |
| A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | ||||
| CVE-2015-0294 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Gnutls, Enterprise Linux | 2024-11-21 | 7.5 High |
| GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | ||||
| CVE-2014-5044 | 1 Gnu | 1 Libgfortran | 2024-11-21 | N/A |
| Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation. | ||||
| CVE-2014-10375 | 1 Gnu | 1 Exosip | 2024-11-21 | N/A |
| handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. | ||||
| CVE-2013-4412 | 3 Berlios, Debian, Gnu | 3 Slim, Debian Linux, Glibc | 2024-11-21 | 7.5 High |
| slim has NULL pointer dereference when using crypt() method from glibc 2.17 | ||||
| CVE-2012-6711 | 2 Gnu, Redhat | 2 Bash, Enterprise Linux | 2024-11-21 | N/A |
| A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv(). | ||||
| CVE-2012-0824 | 1 Gnu | 1 Gnusound | 2024-11-21 | 9.8 Critical |
| gnusound 0.7.5 has format string issue | ||||
| CVE-2009-5155 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | N/A |
| In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. | ||||
| CVE-2006-7254 | 1 Gnu | 1 Glibc | 2024-11-21 | N/A |
| The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | ||||
| CVE-2005-3590 | 1 Gnu | 1 Glibc | 2024-11-21 | N/A |
| The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. | ||||
| CVE-2002-2439 | 1 Gnu | 1 Gcc | 2024-11-20 | 7.8 High |
| Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. | ||||
| CVE-1999-0199 | 1 Gnu | 1 Glibc | 2024-11-20 | 9.8 Critical |
| manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. | ||||
| CVE-2024-50610 | 1 Gnu | 1 Gnu Scientific Library | 2024-10-30 | 3.6 Low |
| GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs. | ||||