Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gnu Subscribe
Total 989 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26937 3 Debian, Fedoraproject, Gnu 3 Debian Linux, Fedora, Screen 2022-05-06 7.5 HIGH 9.8 CRITICAL
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
CVE-2020-14309 2 Gnu, Opensuse 2 Grub2, Leap 2022-04-28 4.6 MEDIUM 6.7 MEDIUM
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
CVE-2020-35448 2 Gnu, Netapp 2 Binutils, Ontap Select Deploy Administration Utility 2022-04-26 4.3 MEDIUM 3.3 LOW
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
CVE-2021-20233 4 Fedoraproject, Gnu, Netapp and 1 more 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more 2022-04-18 7.2 HIGH 8.2 HIGH
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-20225 4 Fedoraproject, Gnu, Netapp and 1 more 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more 2022-04-18 7.2 HIGH 6.7 MEDIUM
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2019-1010204 2 Gnu, Netapp 4 Binutils, Binutils Gold, Hci Management Node and 1 more 2022-04-18 4.3 MEDIUM 5.5 MEDIUM
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.
CVE-2020-14308 2 Gnu, Opensuse 2 Grub2, Leap 2022-04-18 4.4 MEDIUM 6.4 MEDIUM
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
CVE-2020-15705 7 Canonical, Debian, Gnu and 4 more 14 Ubuntu Linux, Debian Linux, Grub2 and 11 more 2022-04-18 4.4 MEDIUM 6.4 MEDIUM
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2019-9924 5 Canonical, Debian, Gnu and 2 more 6 Ubuntu Linux, Debian Linux, Bash and 3 more 2022-04-05 7.2 HIGH 7.8 HIGH
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
CVE-2019-15531 3 Debian, Fedoraproject, Gnu 3 Debian Linux, Fedora, Libextractor 2022-03-31 4.3 MEDIUM 6.5 MEDIUM
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
CVE-2020-16590 2 Gnu, Netapp 2 Binutils, Ontap Select Deploy Administration Utility 2022-03-23 4.3 MEDIUM 5.5 MEDIUM
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
CVE-2020-16591 2 Gnu, Netapp 2 Binutils, Ontap Select Deploy Administration Utility 2022-03-23 4.3 MEDIUM 5.5 MEDIUM
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.
CVE-2020-16599 2 Gnu, Netapp 5 Binutils, Cloud Backup, Hci Management Node and 2 more 2022-03-23 4.3 MEDIUM 5.5 MEDIUM
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
CVE-2021-46705 3 Gnu, Opensuse, Suse 3 Grub2, Factory, Linux Enterprise Server 2022-03-22 2.1 LOW 5.5 MEDIUM
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
CVE-2021-46195 1 Gnu 1 Gcc 2022-01-21 4.3 MEDIUM 5.5 MEDIUM
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
CVE-2021-45950 1 Gnu 1 Libredwg 2022-01-11 4.3 MEDIUM 6.5 MEDIUM
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).
CVE-2020-6610 2 Gnu, Opensuse 3 Libredwg, Backports, Leap 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
CVE-2020-9366 1 Gnu 1 Screen 2022-01-01 7.5 HIGH 9.8 CRITICAL
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
CVE-2020-23856 2 Fedoraproject, Gnu 2 Fedora, Cflow 2022-01-01 2.1 LOW 5.5 MEDIUM
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
CVE-2021-45261 1 Gnu 1 Patch 2021-12-28 4.3 MEDIUM 5.5 MEDIUM
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.