Filtered by vendor Gnu
Subscriptions
Total
1201 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30205 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Emacs, Org Mode and 1 more | 2025-05-01 | 7.1 High |
| In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. | ||||
| CVE-2024-39331 | 2 Gnu, Redhat | 6 Emacs, Enterprise Linux, Rhel Aus and 3 more | 2025-04-30 | 9.8 Critical |
| In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. | ||||
| CVE-2019-14865 | 2 Gnu, Redhat | 5 Grub2, Enterprise Linux, Enterprise Linux Eus and 2 more | 2025-04-29 | 5.9 Medium |
| A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots. | ||||
| CVE-2022-45939 | 4 Debian, Fedoraproject, Gnu and 1 more | 5 Debian Linux, Fedora, Emacs and 2 more | 2025-04-28 | 7.8 High |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | ||||
| CVE-2025-43921 | 1 Gnu | 1 Mailman | 2025-04-28 | 5.3 Medium |
| GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. | ||||
| CVE-2025-43920 | 1 Gnu | 1 Mailman | 2025-04-28 | 5.4 Medium |
| GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. | ||||
| CVE-2025-43919 | 1 Gnu | 1 Mailman | 2025-04-28 | 5.8 Medium |
| GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. | ||||
| CVE-2022-45332 | 1 Gnu | 1 Libredwg | 2025-04-24 | 7.8 High |
| LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. | ||||
| CVE-2024-38428 | 2 Gnu, Redhat | 6 Wget, Enterprise Linux, Rhel Aus and 3 more | 2025-04-21 | 9.1 Critical |
| url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. | ||||
| CVE-2017-6891 | 3 Apache, Debian, Gnu | 3 Bookkeeper, Debian Linux, Libtasn1 | 2025-04-20 | 8.8 High |
| Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. | ||||
| CVE-2017-13732 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | ||||
| CVE-2017-13731 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13729 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | ||||
| CVE-2017-13728 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2017-11113 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. | ||||
| CVE-2017-10685 | 1 Gnu | 1 Ncurses | 2025-04-20 | 0.0 Low |
| In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | ||||
| CVE-2017-10684 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | ||||
| CVE-2017-9778 | 1 Gnu | 1 Gdb | 2025-04-20 | N/A |
| GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. | ||||
| CVE-2017-9954 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program. | ||||
| CVE-2017-9955 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. | ||||