Vulnerabilities (CVE)

Vendor filter

Gnu Subscribe

Filter

136 total CVE
CVE Vendors Products Updated CVSS
CVE-2014-6271 1 Gnu 1 Bash 2019-10-09 10.0
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the...
CVE-2017-10685 1 Gnu 1 Ncurses 2019-10-03 7.5
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
CVE-2018-20969 1 Gnu 1 Patch 2019-09-05 9.3
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
CVE-2019-13638 2 Gnu, Debian 2 Patch, Debian Linux 2019-08-16 9.3
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the...
CVE-2018-12699 2 Gnu, Canonical 2 Binutils, Ubuntu Linux 2019-08-03 7.5
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during...
CVE-2019-1010022 1 Gnu 1 Glibc 2019-07-18 7.5
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass...
CVE-2019-5953 1 Gnu 1 Wget 2019-07-02 7.5
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
CVE-2015-1472 2 Canonical, Gnu 2 Ubuntu Linux, Glibc 2019-06-13 7.5
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer...
CVE-2015-0235 2 Oracle, Gnu 3 Glibc, Communications Applications, Oracle Pillar Axiom 2019-06-13 10.0
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2)...
CVE-2014-9984 1 Gnu 1 Glibc 2019-06-13 7.5
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
CVE-2014-9761 6 Gnu, Suse, Fedoraproject and 3 more 10 Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 7 more 2019-06-13 7.5
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan,...
CVE-2014-9402 4 Gnu, Canonical, Novell and 1 more 4 Ubuntu Linux, Glibc, Opensuse and 1 more 2019-06-13 7.8
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a...
CVE-2014-4043 3 Gnu, Novell, Opensuse 3 Glibc, Opensuse, Opensuse 2019-06-13 7.5
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
CVE-2012-4412 1 Gnu 1 Glibc 2019-06-13 7.5
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a...
CVE-2018-6485 4 Gnu, Redhat, Netapp and 1 more 14 Glibc, Virtualization Host, Enterprise Linux Desktop and 11 more 2019-04-26 7.5
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading...
CVE-2017-16997 2 Gnu, Redhat 5 Glibc, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-04-26 9.3
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in...
CVE-2018-11236 4 Gnu, Redhat, Netapp and 1 more 9 Glibc, Virtualization Host, Enterprise Linux Desktop and 6 more 2019-04-25 7.5
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer...
CVE-2019-9169 2 Gnu, Netapp 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2019-04-16 7.5
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVE-2005-3590 1 Gnu 1 Glibc 2019-04-11 7.5
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers...
CVE-2016-9843 4 Gnu, Opensuse Project, Novell and 1 more 6 Zlib, Opensuse, Leap and 3 more 2019-03-25 7.5
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.