Land IP denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | hp-ux | 9.05 |
| hp | hp-ux | 9.04 |
| hp | hp-ux | 10.00 |
| hp | hp-ux | 10.16 |
| hp | hp-ux | 10.24 |
| hp | hp-ux | 9.03 |
| hp | hp-ux | 10.30 |
| microsoft | windows_nt | 4.0 |
| cisco | ios | 7000 |
| gnu | inet | 5.01 |
| sun | sunos | 4.1.3u1 |
| hp | hp-ux | 10.10 |
| hp | hp-ux | 10.20 |
| microsoft | winsock | 2.0 |
| hp | hp-ux | 9.07 |
| hp | hp-ux | 9.00 |
| microsoft | windows_95 | * |
| hp | hp-ux | 9.01 |
| sun | sunos | 4.1.4 |
| netbsd | netbsd | 1.0 |
| hp | hp-ux | 10.01 |
| hp | hp-ux | 11.00 |
| netbsd | netbsd | 1.1 |
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | sunos | 5.5 |
| washington_university | wu-ftpd | 2.4 |
| sco | openserver | 5.0.4 |
| ibm | aix | 4.2 |
| ibm | aix | 4.3 |
| gnu | inet | 5.01 |
| sun | sunos | 4.1.3u1 |
| gnu | inet | 6.01 |
| ibm | aix | 4.1 |
| sun | sunos | 5.5.1 |
| caldera | openlinux | 1.2 |
| sun | sunos | 4.1.4 |
| netbsd | netbsd | 1.0 |
| freebsd | freebsd | 2.1.0 |
| netbsd | netbsd | 1.2.1 |
| sco | open_desktop | 3.0 |
| freebsd | freebsd | 2.0 |
| ibm | aix | 3.2 |
| freebsd | freebsd | 1.1 |
| gnu | inet | 6.02 |
| sun | sunos | 5.3 |
| sco | unixware | 2.1 |
| freebsd | freebsd | 1.0 |
| freebsd | freebsd | 2.1.7 |
| netbsd | netbsd | 1.2 |
| freebsd | freebsd | 1.2 |
| siemens | reliant_unix | * |
| netbsd | netbsd | 1.1 |
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,CWE-364,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | * |
| gnu | inet | 5.01 |
Buffer overflow in NLS (Natural Language Service).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| slackware | slackware_linux | 3.1 |
| gnu | libc | 5.2.18 |
| ibm | aix | 4.2 |
| gnu | libc | 5.0.9 |
| ibm | aix | 3.2.5 |
| cray | unicos | 1.5 |
| cray | unicos | 9.2 |
| redhat | linux | 4.0 |
| gnu | libc | 5.3.12 |
| cray | unicos | 9.0 |
| ibm | aix | 4.1 |
| cray | unicos_max | 1.3 |
The Perl fingerd program allows arbitrary command execution from remote users.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | fingerd | * |
Denial of service of inetd on Linux through SYN and RST packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | hp-ux | 10 |
| linux | linux_kernel | 2.6.20.1 |
| gnu | inet | 5.01 |
wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | 1.5.3 |
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | bash | 1.14.2 |
| gnu | bash | 2.02.1 |
| gnu | bash | 2.03 |
| gnu | bash | 2.05 |
| gnu | bash | * |
| gnu | bash | 1.14.7 |
| gnu | bash | 2.01 |
| gnu | bash | 1.14.0 |
| gnu | bash | 1.14.1 |
| gnu | bash | 1.14.4 |
| gnu | bash | 2.01.1 |
| gnu | bash | 1.14.6 |
| gnu | bash | 1.14.5 |
| gnu | bash | 2.0 |
| gnu | bash | 2.02 |
| gnu | bash | 1.14.3 |
A version of finger is running that exposes valid user information to any entity on the network.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | fingerd | * |
| microsoft | windows_2000 | * |
| microsoft | windows_nt | * |
| gnu | finger_service | * |
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnumeric | 0.27 |
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | fingerd | 1.37 |
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | bash | 1.14.2 |
| gnu | bash | * |
| gnu | bash | 1.14.5 |
| gnu | bash | 1.14.0 |
| tcsh | tcsh | 6.05 |
| gnu | bash | 1.14.1 |
| gnu | bash | 1.14.4 |
| gnu | bash | 1.14.3 |
GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | make | 3.77.44 |
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 20.3 |
| gnu | emacs | 20.5 |
| gnu | emacs | 20.1 |
| gnu | emacs | 20.0 |
| gnu | emacs | 20.2 |
| gnu | emacs | 20.6 |
| gnu | emacs | 20.4 |
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 20.3 |
| gnu | emacs | 20.5 |
| gnu | emacs | 20.1 |
| gnu | emacs | 20.0 |
| gnu | emacs | 20.2 |
| gnu | emacs | 20.6 |
| gnu | emacs | 20.4 |
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 20.3 |
| gnu | emacs | 20.5 |
| gnu | emacs | 20.1 |
| gnu | emacs | 20.0 |
| gnu | emacs | 20.2 |
| gnu | emacs | 20.6 |
| gnu | emacs | 20.4 |
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.1.3 |
| isc | bind | 8.2.2 |
| isc | bind | 8.2.1 |
| isc | bind | 8.2 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.0 |
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| conectiva | linux | 4.2 |
| conectiva | linux | 4.1 |
| gnu | mailman | 2.0 |
| conectiva | linux | 5.1 |
| conectiva | linux | 5.0 |
| redhat | linux | * |
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | userv | 1.0.0 |
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | groff | * |
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.1.1 |
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 1.1 |
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cfengine | 1.5.3-4 |
| gnu | cfengine | 1.5 |
| gnu | cfengine | 1.6 |
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.1.3.10 |
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux | 6.2 |
| freebsd | freebsd | 3.5.1 |
| freebsd | freebsd | 4.1 |
| redhat | linux | 7.0 |
| freebsd | freebsd | 4.1.1 |
| gnu | ncurses | * |
| immunix | immunix | 7.0_beta |
| immunix | immunix | 6.2 |
| freebsd | freebsd | 3.4 |
| freebsd | freebsd | 4.0 |
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | privacy_guard | 1.0 |
| gnu | privacy_guard | 1.0.2 |
| gnu | privacy_guard | 1.0.3 |
| gnu | privacy_guard | 1.0.1 |
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ed | 2.15 |
| gnu | ed | 2.16tr |
| gnu | ed | 2.18.0 |
| gnu | ed | 2.18 |
The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | g++ | * |
| gnu | gcc | * |
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | privacy_guard | 1.0.3b |
| gnu | privacy_guard | 1.0 |
| gnu | privacy_guard | 1.0.2 |
| gnu | privacy_guard | 1.0.3 |
| gnu | privacy_guard | 1.0.1 |
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | privacy_guard | 1.0.3b |
| gnu | privacy_guard | 1.0 |
| gnu | privacy_guard | 1.0.2 |
| gnu | privacy_guard | 1.0.3 |
| gnu | privacy_guard | 1.0.1 |
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | privacy_guard | 7.1 |
| gnu | privacy_guard | 7.2 |
| gnu | privacy_guard | 8.0 |
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 5.0 |
| gnu | mailman | 6.0 |
| gnu | mailman | * |
| gnu | mailman | 5.1 |
| gnu | mailman | 7.0 |
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | groff | 1.11 |
| gnu | groff | 1.10 |
| gnu | groff | 1.15 |
| gnu | groff | 1.11a |
| gnu | groff | 1.16.1 |
| jgroff | jgroff | * |
| gnu | groff | 1.14 |
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| slackware | slackware_linux | 8.0 |
| gnu | findutils | 4.0 |
| gnu | findutils | 4.1 |
| slackware | slackware_linux | 7.1 |
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gzip | 1.2.4 |
| gnu | gzip | 1.2.4a |
| gnu | gzip | 1.3 |
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | * |
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 20.4 |
| xemacs | xemacs | 21.1.10 |
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yard_radius | yard_radius | 1.0.19 |
| yard_radius | yard_radius | 1.0_pre14 |
| miquel_van_smoorenburg_cistron | radius | 1.6.4 |
| gnu | radius | 0.93 |
| openradius | openradius | 0.9.2 |
| icradius | icradius | 0.18 |
| lucent | radius | 2.0.1 |
| lucent | radius | 2.1 |
| gnu | radius | 0.94 |
| miquel_van_smoorenburg_cistron | radius | 1.6_.0 |
| openradius | openradius | 0.9.3 |
| gnu | radius | 0.95 |
| yard_radius | yard_radius | 1.0.18 |
| lucent | radius | 2.0 |
| miquel_van_smoorenburg_cistron | radius | 1.6.2 |
| openradius | openradius | 0.8 |
| yard_radius_project | yard_radius | 1.0.16 |
| freeradius | freeradius | 0.2 |
| livingston | radius | 2.0 |
| openradius | openradius | 0.9 |
| icradius | icradius | 0.18.1 |
| ascend | radius | 1.16 |
| xtradius | xtradius | 1.1_pre1 |
| yard_radius | yard_radius | 1.0_pre13 |
| icradius | icradius | 0.17 |
| icradius | icradius | 0.17b |
| livingston | radius | 2.0.1 |
| radiusclient | radiusclient | 0.3.1 |
| icradius | icradius | 0.14 |
| icradius | icradius | 0.16 |
| yard_radius | yard_radius | 1.0_pre15 |
| freeradius | freeradius | 0.3 |
| yard_radius | yard_radius | 1.0.17 |
| gnu | radius | 0.92.1 |
| miquel_van_smoorenburg_cistron | radius | 1.6.5 |
| openradius | openradius | 0.9.1 |
| miquel_van_smoorenburg_cistron | radius | 1.6.1 |
| miquel_van_smoorenburg_cistron | radius | 1.6.3 |
| icradius | icradius | 0.15 |
| livingston | radius | 2.1 |
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yard_radius | yard_radius | 1.0.19 |
| yard_radius | yard_radius | 1.0_pre14 |
| miquel_van_smoorenburg_cistron | radius | 1.6.4 |
| gnu | radius | 0.93 |
| openradius | openradius | 0.9.2 |
| icradius | icradius | 0.18 |
| lucent | radius | 2.0.1 |
| lucent | radius | 2.1 |
| gnu | radius | 0.94 |
| miquel_van_smoorenburg_cistron | radius | 1.6_.0 |
| openradius | openradius | 0.9.3 |
| gnu | radius | 0.95 |
| yard_radius | yard_radius | 1.0.18 |
| lucent | radius | 2.0 |
| miquel_van_smoorenburg_cistron | radius | 1.6.2 |
| openradius | openradius | 0.8 |
| yard_radius_project | yard_radius | 1.0.16 |
| freeradius | freeradius | 0.2 |
| livingston | radius | 2.0 |
| openradius | openradius | 0.9 |
| xtradius | xtradius | 1.1_pre2 |
| icradius | icradius | 0.18.1 |
| xtradius | xtradius | 1.1_pre1 |
| yard_radius | yard_radius | 1.0_pre13 |
| icradius | icradius | 0.17 |
| icradius | icradius | 0.17b |
| livingston | radius | 2.0.1 |
| radiusclient | radiusclient | 0.3.1 |
| icradius | icradius | 0.14 |
| icradius | icradius | 0.16 |
| yard_radius | yard_radius | 1.0_pre15 |
| freeradius | freeradius | 0.3 |
| yard_radius | yard_radius | 1.0.17 |
| gnu | radius | 0.92.1 |
| miquel_van_smoorenburg_cistron | radius | 1.6.5 |
| openradius | openradius | 0.9.1 |
| miquel_van_smoorenburg_cistron | radius | 1.6.1 |
| miquel_van_smoorenburg_cistron | radius | 1.6.3 |
| icradius | icradius | 0.15 |
| livingston | radius | 2.1 |
Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | groff | * |
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux | 6.2 |
| redhat | linux | 7.1 |
| gnu | enscript | * |
| debian | debian_linux | 2.2 |
| redhat | linux | 6.1 |
| redhat | linux | 6.0 |
| redhat | linux | 7.0 |
| redhat | linux | 7.2 |
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 6.3 |
| freebsd | freebsd | 3.5.1 |
| freebsd | freebsd | 3.3 |
| freebsd | freebsd | 3.2 |
| suse | suse_linux | 7.0 |
| redhat | linux | 6.1 |
| freebsd | freebsd | 3.5 |
| freebsd | freebsd | 3.1 |
| gnu | ncurses | * |
| freebsd | freebsd | 3.4 |
| freebsd | freebsd | 4.0 |
| redhat | linux | 7.1 |
| freebsd | freebsd | 4.1 |
| debian | debian_linux | 2.2 |
| redhat | linux | 7.0 |
| redhat | linux | 7.2 |
| freebsd | freebsd | 4.1.1 |
| suse | suse_linux | 6.2 |
| freebsd | freebsd | 5.0 |
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | sharutils | 4.2 |
Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | chess | * |
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | 1.13.25 |
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | fileutils | 4.1.6 |
| gnu | fileutils | 4.0 |
| gnu | fileutils | 4.1 |
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| isc | bind | 4.9.8 |
| gnu | glibc | * |
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.0.12 |
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | 1.13.19 |
| gnu | tar | * |
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 6.5.16f |
| apple | mac_os_x | 10.1 |
| sgi | irix | 6.5.6 |
| gnu | glibc | 2.2.1 |
| apple | mac_os_x | 10.2 |
| sgi | irix | 6.5.9 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| apple | mac_os_x | 10.1.4 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| sgi | irix | 6.5.5 |
| sgi | irix | 6.5.17f |
| sgi | irix | 6.5.8 |
| sgi | irix | 6.5.13 |
| gnu | glibc | 2.0.6 |
| sgi | irix | 6.5.3 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| sgi | irix | 6.5.14m |
| apple | mac_os_x_server | 10.0 |
| apple | mac_os_x | 10.0.3 |
| apple | mac_os_x | 10.2.1 |
| apple | mac_os_x | 10.1.1 |
| apple | mac_os_x | 10.1.3 |
| sgi | irix | 6.5.15f |
| sgi | irix | 6.5.14f |
| sgi | irix | 6.5.7 |
| gnu | glibc | 2.0.2 |
| apple | mac_os_x | 10.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.0.4 |
| apple | mac_os_x | 10.1.5 |
| sgi | irix | 6.5.11 |
| gnu | glibc | 2.2.3 |
| sgi | irix | 6.5.15m |
| sgi | irix | 6.5.16m |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| sgi | irix | 6.5.17m |
| apple | mac_os_x_server | 10.2 |
| apple | mac_os_x | 10.0 |
| apple | mac_os_x | 10.1.2 |
| sgi | irix | 6.5 |
| sgi | irix | 6.5.12 |
| apple | mac_os_x | 10.0.4 |
| gnu | glibc | 2.0.1 |
| sgi | irix | 6.5.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.2.2 |
| sgi | irix | 6.5.4 |
| gnu | glibc | 2.1.3.10 |
| apple | mac_os_x | 10.0.1 |
| apple | mac_os_x_server | 10.2.1 |
| sgi | irix | 2.3.1 |
| sgi | irix | 6.5.2 |
| gnu | glibc | 2.0.5 |
| sgi | irix | 6.5.10 |
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | 1.8.2 |
| gnu | wget | 1.8 |
| gnu | wget | 1.7 |
| gnu | wget | 1.7.1 |
| sun | cobalt_raq_xtr | * |
| gnu | wget | 1.6 |
| gnu | wget | 1.8.1 |
| gnu | wget | 1.5.3 |
Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | screen | 3.9.10 |
| gnu | screen | 3.9.4 |
| gnu | screen | 3.9.8 |
| gnu | screen | 3.9.9 |
| gnu | screen | 3.9.11 |
Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | data_display_debugger | 3.3.1 |
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mit | kerberos_5 | 1.2.5 |
| sun | solaris | 2.5.1 |
| sgi | irix | 6.5.6 |
| sun | sunos | 5.7 |
| cray | unicos | 6.0e |
| sgi | irix | 6.5.3f |
| cray | unicos | 9.2.4 |
| sgi | irix | 6.5.13m |
| openafs | openafs | 1.0.4a |
| sgi | irix | 6.5.9 |
| hp | hp-ux | 11.20 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.3 |
| hp | hp-ux | 11.00 |
| freebsd | freebsd | 5.0 |
| gnu | glibc | 2.3.2 |
| sgi | irix | 6.5.5 |
| openafs | openafs | 1.1 |
| sgi | irix | 6.5.13 |
| openafs | openafs | 1.0.1 |
| sgi | irix | 6.5.16 |
| openafs | openafs | 1.3 |
| freebsd | freebsd | 4.0 |
| sgi | irix | 6.5.18f |
| openbsd | openbsd | 3.1 |
| sgi | irix | 6.5.5m |
| sgi | irix | 6.5.14m |
| cray | unicos | 8.0 |
| openbsd | openbsd | 2.7 |
| sgi | irix | 6.5.18m |
| openbsd | openbsd | 2.8 |
| openafs | openafs | 1.0.3 |
| freebsd | freebsd | 4.2 |
| openafs | openafs | 1.2.1 |
| sgi | irix | 6.5.15f |
| sgi | irix | 6.5.14f |
| openafs | openafs | 1.3.2 |
| sgi | irix | 6.5.15 |
| sgi | irix | 6.5.4m |
| hp | hp-ux | 10.20 |
| sgi | irix | 6.5.15m |
| sgi | irix | 6.5.17 |
| openafs | openafs | 1.2.2 |
| mit | kerberos_5 | 1.2.4 |
| sun | sunos | 5.8 |
| sgi | irix | 6.5.17m |
| cray | unicos | 6.0 |
| sgi | irix | 6.5.12m |
| sgi | irix | 6.5.12f |
| sgi | irix | 6.5.10m |
| hp | hp-ux | 11.22 |
| sgi | irix | 6.5.18 |
| sgi | irix | 6.5.2f |
| sun | solaris | 7.0 |
| sgi | irix | 6.5.1 |
| gnu | glibc | 2.2.2 |
| sgi | irix | 6.5.4 |
| freebsd | freebsd | 4.7 |
| freebsd | freebsd | 4.5 |
| openbsd | openbsd | 2.4 |
| sgi | irix | 6.5.10 |
| gnu | glibc | 2.3.1 |
| sgi | irix | 6.5.16f |
| sgi | irix | 6.5.8f |
| mit | kerberos_5 | 1.2.2 |
| ibm | aix | 5.2 |
| gnu | glibc | 2.2.1 |
| mit | kerberos_5 | 1.2.1 |
| openafs | openafs | 1.0 |
| ibm | aix | 4.3.3 |
| openafs | openafs | 1.2.4 |
| sgi | irix | 6.5.2m |
| cray | unicos | 8.3 |
| sun | sunos | 5.5.1 |
| sgi | irix | 6.5.4f |
| sgi | irix | 6.5.8m |
| sun | sunos | - |
| gnu | glibc | 2.1.1 |
| freebsd | freebsd | 4.6.2 |
| sgi | irix | 6.5.6m |
| sun | solaris | 2.6 |
| openafs | openafs | 1.2.6 |
| hp | hp-ux | 11.04 |
| sgi | irix | 6.5.17f |
| openafs | openafs | 1.2.5 |
| sgi | irix | 6.5.8 |
| openbsd | openbsd | 2.9 |
| sgi | irix | 6.5.13f |
| sgi | irix | 6.5.7f |
| freebsd | freebsd | 4.4 |
| hp | hp-ux_series_700 | 10.20 |
| openafs | openafs | 1.1.1 |
| sgi | irix | 6.5.3 |
| cray | unicos | 7.0 |
| gnu | glibc | 2.1.3 |
| openbsd | openbsd | 2.5 |
| gnu | glibc | 2.2.5 |
| openafs | openafs | 1.0.2 |
| cray | unicos | 9.0 |
| openafs | openafs | 1.2.2a |
| openbsd | openbsd | 2.0 |
| freebsd | freebsd | 4.1.1 |
| sgi | irix | 6.5.11f |
| sgi | irix | 6.5.6f |
| cray | unicos | 6.1 |
| openafs | openafs | 1.0.4 |
| openafs | openafs | 1.2.2b |
| openbsd | openbsd | 2.6 |
| sgi | irix | 6.5.10f |
| sgi | irix | 6.5.3m |
| openbsd | openbsd | 2.1 |
| sgi | irix | 6.5.20 |
| openbsd | openbsd | 3.0 |
| openbsd | openbsd | 2.2 |
| cray | unicos | 9.2 |
| sgi | irix | 6.5.7 |
| freebsd | freebsd | 4.6 |
| sgi | irix | 6.5.5f |
| hp | hp-ux_series_800 | 10.20 |
| sgi | irix | 6.5.11 |
| freebsd | freebsd | 4.1 |
| gnu | glibc | 2.2.3 |
| sgi | irix | 6.5.16m |
| gnu | glibc | 2.2.4 |
| sun | solaris | 8.0 |
| sgi | irix | 6.5.7m |
| openafs | openafs | 1.2 |
| sgi | irix | 6.5.19 |
| cray | unicos | 9.0.2.5 |
| sgi | irix | 6.5 |
| openbsd | openbsd | 3.2 |
| sgi | irix | 6.5.12 |
| hp | hp-ux | 10.24 |
| sun | solaris | 9.0 |
| sgi | irix | 6.5.9m |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| openafs | openafs | 1.3.1 |
| sgi | irix | 6.5.9f |
| mit | kerberos_5 | 1.2.3 |
| freebsd | freebsd | 4.3 |
| hp | hp-ux | 11.11 |
| mit | kerberos_5 | 1.2 |
| sgi | irix | 6.5.14 |
| mit | kerberos_5 | 1.2.6 |
| sgi | irix | 6.5.11m |
| ibm | aix | 5.1 |
| openbsd | openbsd | 2.3 |
| sgi | irix | 6.5.2 |
| openafs | openafs | 1.1.1a |
| openafs | openafs | 1.2.3 |
| mit | kerberos_5 | 1.2.7 |
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1 |
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | privacy_guard | * |
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 3.0 |
| debian | debian_linux | 2.2 |
| gnu | gzip | * |
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| quagga | quagga | 0.95 |
| gnu | zebra | 0.92a |
| gnu | zebra | 0.93b |
| quagga | quagga | 0.96 |
| gnu | zebra | 0.91a |
| sgi | propack | 2.3 |
| quagga | quagga | 0.96.1 |
| sgi | propack | 2.2.1 |
| quagga | quagga | 0.96.2 |
| quagga | quagga | * |
| gnu | zebra | 0.93a |
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | lsh | 1.4.1 |
| gnu | lsh | 1.4.2 |
| gnu | lsh | 1.4 |
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cfengine | 2.0.3 |
| gnu | cfengine | 2.0.4 |
| gnu | cfengine | 2.0.2 |
| gnu | cfengine | 2.1.0 |
| gnu | cfengine | 2.0.0 |
| gnu | cfengine | 2.0.6 |
| gnu | cfengine | 2.0.7 |
| gnu | cfengine | 2.0.1 |
| gnu | cfengine | 2.0.5 |
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | fileutils | 4.0.36 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr15 |
| washington_university | wu-ftpd | 2.4.2_beta2 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr7 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr9 |
| washington_university | wu-ftpd | 2.4.1 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr6 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr4 |
| washington_university | wu-ftpd | 2.4.2_vr17 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr5 |
| gnu | fileutils | 4.0 |
| gnu | fileutils | 4.1 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr13 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr8 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr11 |
| washington_university | wu-ftpd | 2.4.2_beta18 |
| washington_university | wu-ftpd | 2.5.0 |
| washington_university | wu-ftpd | 2.6.0 |
| gnu | fileutils | 4.1.6 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr10 |
| washington_university | wu-ftpd | 2.6.1 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr14 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr12 |
| washington_university | wu-ftpd | 2.6.2 |
| washington_university | wu-ftpd | 2.4.2_vr16 |
| gnu | fileutils | 4.1.7 |
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | fileutils | 4.0.36 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr15 |
| washington_university | wu-ftpd | 2.4.2_beta2 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr7 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr9 |
| washington_university | wu-ftpd | 2.4.1 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr6 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr4 |
| washington_university | wu-ftpd | 2.4.2_vr17 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr5 |
| gnu | fileutils | 4.0 |
| gnu | fileutils | 4.1 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr13 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr8 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr11 |
| washington_university | wu-ftpd | 2.4.2_beta18 |
| washington_university | wu-ftpd | 2.5.0 |
| washington_university | wu-ftpd | 2.6.0 |
| gnu | fileutils | 4.1.6 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr10 |
| washington_university | wu-ftpd | 2.6.1 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr14 |
| washington_university | wu-ftpd | 2.4.2_beta18_vr12 |
| washington_university | wu-ftpd | 2.6.2 |
| washington_university | wu-ftpd | 2.4.2_vr16 |
| gnu | fileutils | 4.1.7 |
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
CVSS 2.0
Severity: LOW
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| quagga | quagga_routing_software_suite | * |
| gnu | zebra | * |
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.3.2 |
| gnu | zebra | 0.92a |
| redhat | enterprise_linux | 2.1 |
| gnu | zebra | 0.91a |
| intel | ia64 | * |
| gnu | zebra | 0.93a |
| gnu | zebra | 0.93b |
| quagga | quagga_routing_software_suite | 0.96.2 |
| redhat | linux_advanced_workstation | 2.1 |
| redhat | enterprise_linux | 3.0 |
| sgi | propack | 2.3 |
| sgi | propack | 2.2.1 |
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | privacy_guard | 1.2.3 |
| gnu | privacy_guard | 1.0.4 |
| gnu | privacy_guard | 1.0.7 |
| gnu | privacy_guard | 1.2.2 |
| gnu | privacy_guard | 1.0.3b |
| gnu | privacy_guard | 1.0.5 |
| gnu | privacy_guard | 1.2 |
| gnu | privacy_guard | 1.0.2 |
| gnu | privacy_guard | 1.0.3 |
| gnu | privacy_guard | 1.2.1 |
| gnu | privacy_guard | 1.0.6 |
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | screen | 3.9.10 |
| gnu | screen | 3.9.15 |
| gnu | screen | 4.0.1 |
| gnu | screen | 3.9.13 |
| gnu | screen | 3.9.4 |
| gnu | screen | 3.9.8 |
| gnu | screen | 3.9.9 |
| gnu | screen | 3.9.11 |
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | privacy_guard | 1.2.3 |
| gnu | privacy_guard | 1.2.2 |
| gnu | privacy_guard | 1.2 |
| gnu | privacy_guard | 1.2.1 |
| gnu | privacy_guard | 1.3.3 |
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.0.5 |
| gnu | mailman | 2.0.12 |
| gnu | mailman | 2.0.7 |
| gnu | mailman | 2.1 |
| gnu | mailman | 1.1 |
| gnu | mailman | 2.0.9 |
| gnu | mailman | 2.0.13 |
| gnu | mailman | 2.0.2 |
| gnu | mailman | 2.0.10 |
| gnu | mailman | 2.0.3 |
| gnu | mailman | 2.0.4 |
| gnu | mailman | 2.0 |
| gnu | mailman | 2.0.11 |
| gnu | mailman | 2.0.1 |
| gnu | mailman | 2.0.6 |
| sgi | propack | 2.3 |
| gnu | mailman | 2.0.8 |
| gnu | mailman | 1.0 |
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 21.2.1 |
The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | radius | 1.1 |
Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libtool | 1.1 |
| gnu | libtool | 1.3.3 |
| gnu | libtool | 1.3 |
| gnu | libtool | 1.4 |
| gnu | libtool | 1.0 |
| gnu | libtool | 1.5 |
| gnu | libtool | 1.3.5 |
| gnu | libtool | 1.3.2 |
| gnu | libtool | 1.4.2 |
| gnu | libtool | 1.4.1 |
| gnu | libtool | 1.4.3 |
| gnu | libtool | 1.2 |
| gnu | libtool | 1.3.4 |
Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | anubis | 3.6.0 |
| gnu | anubis | 3.9.92 |
| gnu | anubis | 3.6.1 |
| gnu | anubis | 3.9.93 |
| gnu | anubis | 3.6.2 |
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | anubis | 3.6.0 |
| gnu | anubis | 3.9.92 |
| gnu | anubis | 3.6.1 |
| gnu | anubis | 3.9.93 |
| gnu | anubis | 3.6.2 |
Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1.4 |
| gnu | mailman | 2.1 |
| gnu | mailman | 2.1.3 |
| gnu | mailman | 2.1.1 |
| gnu | mailman | 2.1.2 |
| gnu | mailman | 2.1b1 |
flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | flim | * |
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | aspell | 0.50.5 |
| gentoo | linux | 1.4 |
Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | queue | 1.12.7 |
| gnu | queue | 1.12.9 |
| gnu | queue | 1.12.8 |
| gnu | queue | 1.20.2 |
| gnu | queue | 1.20.1 |
| gnu | queue | 1.20.0 |
The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | radius | 1.1 |
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ksymoops | 2.4.5 |
| mandrakesoft | mandrake_linux | 9.1 |
| gnu | ksymoops | 2.4.9 |
| gnu | ksymoops | 2.4.8 |
| mandrakesoft | mandrake_linux | 9.2 |
| mandrakesoft | mandrake_linux | 10.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gzip | * |
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnats | 3.14b |
| gnu | gnats | 3.113.1 |
| gnu | gnats | 3.2 |
| gnu | gnats | 3.0_02 |
| gnu | gnats | 3.113.1.6 |
| gnu | gnats | 3.113 |
| gnu | gnats | 4.0 |
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cvs | * |
Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | radius | 0.96 |
| gnu | radius | 1.2 |
| gnu | radius | 0.94 |
| gnu | radius | 0.93 |
| gnu | radius | 0.95 |
| gnu | radius | 0.92.1 |
| gnu | radius | 1.1 |
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gettext | 0.14.1 |
| ubuntu | ubuntu_linux | 4.1 |
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.3 |
| redhat | enterprise_linux | 3.0 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1.3.10 |
| redhat | enterprise_linux_desktop | 3.0 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | groff | 1.19 |
| gentoo | linux | * |
| ubuntu | ubuntu_linux | 4.1 |
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gzip | 1.2.4a |
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailutils | * |
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.0.5 |
| gnu | mailman | 2.0.12 |
| gnu | mailman | 2.0.7 |
| gnu | mailman | 2.1 |
| gnu | mailman | 1.1 |
| gnu | mailman | 2.0.9 |
| gnu | mailman | 2.0.13 |
| gnu | mailman | 2.0.2 |
| gnu | mailman | 2.0.10 |
| gnu | mailman | 2.0.3 |
| gnu | mailman | 2.1.2 |
| gnu | mailman | 2.1b1 |
| gnu | mailman | 2.0.4 |
| gnu | mailman | 2.1.4 |
| gnu | mailman | 2.0 |
| gnu | mailman | 2.0.11 |
| gnu | mailman | 2.1.3 |
| gnu | mailman | 2.1.1 |
| gnu | mailman | 2.0.1 |
| gnu | mailman | 2.0.6 |
| gnu | mailman | 2.0.8 |
| gnu | mailman | 1.0 |
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 9.1 |
| sun | java_desktop_system | 2003 |
| gnu | a2ps | 4.13 |
| sun | java_desktop_system | 2.0 |
| suse | suse_linux | 8 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 8.2 |
| suse | suse_linux | 9.0 |
| gnu | a2ps | 4.13b |
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.0.5 |
| gnu | mailman | 2.0.12 |
| gnu | mailman | 2.0.7 |
| gnu | mailman | 2.1 |
| gnu | mailman | 1.1 |
| gnu | mailman | 2.0.9 |
| gnu | mailman | 2.0.13 |
| gnu | mailman | 2.0.2 |
| gnu | mailman | 2.0.10 |
| gnu | mailman | 2.0.3 |
| gnu | mailman | 2.1.2 |
| gnu | mailman | 2.1b1 |
| gnu | mailman | 2.0.4 |
| gnu | mailman | 2.1.4 |
| gnu | mailman | 2.0 |
| gnu | mailman | 2.0.11 |
| gnu | mailman | 2.1.3 |
| gnu | mailman | 2.1.1 |
| gnu | mailman | 2.0.1 |
| gnu | mailman | 2.0.6 |
| gnu | mailman | 2.0.8 |
| gnu | mailman | 1.0 |
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 6.3 |
| gnu | enscript | 1.6.3 |
| gnu | enscript | 1.5 |
| suse | suse_linux | 7.0 |
| suse | suse_linux | 6.4 |
| suse | suse_linux | 4.4 |
| suse | suse_linux | 8.0 |
| suse | suse_linux | 5.2 |
| suse | suse_linux | 8.1 |
| gnu | enscript | 1.4 |
| suse | suse_linux | 1.0 |
| suse | suse_linux | 6.1 |
| suse | suse_linux | 4.0 |
| suse | suse_linux | 9.1 |
| suse | suse_linux | 5.3 |
| redhat | fedora_core | core_2.0 |
| suse | suse_linux | 4.3 |
| gnu | enscript | 1.6.4 |
| suse | suse_linux | 4.2 |
| suse | suse_linux | 5.0 |
| suse | suse_linux | 6.2 |
| suse | suse_linux | 7.2 |
| suse | suse_linux | 9.2 |
| suse | suse_linux | 2.0 |
| sgi | propack | 3.0 |
| suse | suse_linux | 9.0 |
| redhat | fedora_core | core_3.0 |
| gnu | enscript | 1.6 |
| suse | suse_linux | 5.1 |
| suse | suse_linux | 6.0 |
| gnu | enscript | 1.6.1 |
| gnu | enscript | 1.6.2 |
| suse | suse_linux | 7.1 |
| suse | suse_linux | 8.2 |
| suse | suse_linux | 4.4.1 |
| suse | suse_linux | 7.3 |
| suse | suse_linux | 3.0 |
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | enscript | 1.6.3 |
| gnu | enscript | 1.6.1 |
| gnu | enscript | 1.6.0 |
| gnu | enscript | 1.5.0 |
| gnu | enscript | 1.6.2 |
| gnu | enscript | 1.3.0 |
| gnu | enscript | 1.4.0 |
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | enscript | 1.6.3 |
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| conectiva | linux | 10.0 |
| ubuntu | ubuntu_linux | 4.1 |
| gnu | realtime_linux_security_module | 0.8.7 |
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
CVSS 2.0
Severity: LOW
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gzip | * |
| oracle | solaris | 8 |
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| turbolinux | turbolinux_server | 8.0 |
| turbolinux | turbolinux_workstation | 8.0 |
| turbolinux | turbolinux_server | 7.0 |
| turbolinux | turbolinux_workstation | 7.0 |
| gnu | a2ps | 4.13 |
| turbolinux | turbolinux_home | * |
| gnu | a2ps | 4.13b |
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | 1.8.2 |
| gnu | wget | 1.8 |
| gnu | wget | 1.8.1 |
| gnu | wget | 1.9.1 |
| gnu | wget | 1.9 |
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | 1.8.2 |
| gnu | wget | 1.8 |
| gnu | wget | 1.8.1 |
| gnu | wget | 1.9.1 |
| gnu | wget | 1.9 |
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cfengine | 2.0.3 |
| gnu | cfengine | 2.0.4 |
| gnu | cfengine | 2.0.2 |
| gnu | cfengine | 2.1.0 |
| gnu | cfengine | 2.0.0 |
| gnu | cfengine | 2.0.6 |
| gnu | cfengine | 2.0.7 |
| gnu | cfengine | 2.1.7 |
| gnu | cfengine | 2.0.1 |
| gnu | cfengine | 2.0.5 |
| gnu | cfengine | 2.0.8 |
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cfengine | 2.0.3 |
| gnu | cfengine | 2.0.4 |
| gnu | cfengine | 2.0.2 |
| gnu | cfengine | 2.1.0 |
| gnu | cfengine | 2.0.0 |
| gnu | cfengine | 2.0.6 |
| gnu | cfengine | 2.0.7 |
| gnu | cfengine | 2.1.7 |
| gnu | cfengine | 2.0.1 |
| gnu | cfengine | 2.0.5 |
| gnu | cfengine | 2.0.8 |
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | sharutils | 4.2 |
| gnu | sharutils | 4.2.1 |
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | sharutils | 4.2 |
| gnu | sharutils | 4.2.1 |
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | 1.8.2 |
| gnu | wget | 1.8 |
| gnu | wget | 1.7 |
| gnu | wget | 1.7.1 |
| gnu | wget | 1.6 |
| gnu | wget | 1.8.1 |
| gnu | wget | 1.9.1 |
| gnu | wget | 1.9 |
| gnu | wget | 1.5.3 |
Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | less | 381 |
| gnu | less | 382 |
| gnu | less | 358 |
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnubiff | 1.0.6 |
| gnu | gnubiff | 1.0.4 |
| gnu | gnubiff | 1.2.0 |
| gnu | gnubiff | 1.0.5 |
| gnu | gnubiff | 1.0.10 |
| gnu | gnubiff | 1.0.3 |
| gnu | gnubiff | 1.0.7 |
| gnu | gnubiff | 1.0.8 |
| gnu | gnubiff | 1.0.9 |
Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnubiff | 1.0.6 |
| gnu | gnubiff | 1.0.4 |
| gnu | gnubiff | 1.2.0 |
| gnu | gnubiff | 1.0.5 |
| gnu | gnubiff | 1.0.10 |
| gnu | gnubiff | 1.0.3 |
| gnu | gnubiff | 1.0.7 |
| gnu | gnubiff | 1.0.8 |
| gnu | gnubiff | 1.0.9 |
| gnu | gnubiff | 1.4.0 |
Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnubiff | 1.0.6 |
| gnu | gnubiff | 1.0.4 |
| gnu | gnubiff | 1.2.0 |
| gnu | gnubiff | 1.0.5 |
| gnu | gnubiff | 1.0.10 |
| gnu | gnubiff | 1.0.3 |
| gnu | gnubiff | 1.0.7 |
| gnu | gnubiff | 1.0.8 |
| gnu | gnubiff | 1.0.9 |
| gnu | gnubiff | 1.4.0 |
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 1.0.16 |
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1.5 |
| ubuntu | ubuntu_linux | 4.10 |
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 21.3 |
| gnu | emacs | * |
| gnu | xemacs | * |
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1.4 |
| gnu | mailman | 2.1.5 |
| gnu | mailman | 2.1 |
| gnu | mailman | 2.1.3 |
| gnu | mailman | 2.1.1 |
| gnu | mailman | 2.1.2 |
| gnu | mailman | 2.1b1 |
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 4.10 |
| canonical | ubuntu_linux | 5.04 |
| gnu | gzip | * |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gzip | 1.2.4 |
| redhat | enterprise_linux_desktop | 4.0 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting |
| turbolinux | turbolinux_workstation | 8.0 |
| trustix | secure_linux | 2.2 |
| turbolinux | turbolinux_server | 7.0 |
| redhat | enterprise_linux | 2.1 |
| trustix | secure_linux | 2.0 |
| freebsd | freebsd | 4.6 |
| freebsd | freebsd | 5.4 |
| freebsd | freebsd | 4.1 |
| ubuntu | ubuntu_linux | 5.04 |
| freebsd | freebsd | 4.10 |
| redhat | enterprise_linux | 4.0 |
| turbolinux | turbolinux_workstation | 7.0 |
| redhat | linux_advanced_workstation | 2.1 |
| trustix | secure_linux | 2.1 |
| redhat | enterprise_linux | 3.0 |
| freebsd | freebsd | 5.0 |
| freebsd | freebsd | 4.6.2 |
| freebsd | freebsd | 4.11 |
| freebsd | freebsd | 5.1 |
| gentoo | linux | * |
| freebsd | freebsd | 4.4 |
| turbolinux | turbolinux_desktop | 10.0 |
| freebsd | freebsd | 5.2.1 |
| freebsd | freebsd | 5.3 |
| freebsd | freebsd | 4.7 |
| gnu | gzip | 1.3.3 |
| freebsd | freebsd | 4.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| freebsd | freebsd | 4.3 |
| freebsd | freebsd | 4.5 |
| turbolinux | turbolinux_server | 8.0 |
| gnu | gzip | 1.2.4a |
| freebsd | freebsd | 4.9 |
| freebsd | freebsd | 5.2 |
| turbolinux | turbolinux_home | * |
| freebsd | freebsd | 4.1.1 |
| freebsd | freebsd | 4.8 |
| turbolinux | turbolinux_server | 10.0 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup |
| ubuntu | ubuntu_linux | 4.1 |
| freebsd | freebsd | 4.2 |
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | sharutils | 4.2.1 |
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | coreutils | 5.2.1 |
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.0 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,CWE-367,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 3.1 |
| debian | debian_linux | 3.0 |
| canonical | ubuntu_linux | 4.10 |
| canonical | ubuntu_linux | 5.04 |
| gnu | cpio | * |
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gzip | 1.2.4 |
| gnu | gzip | 1.3.3 |
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cpio | * |
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 1.0.19 |
| gnu | gnutls | 1.0.20 |
| gnu | gnutls | 1.0.18 |
| gnu | gnutls | 1.2.1 |
| gnu | gnutls | 1.0.23 |
| gnu | gnutls | 1.2.2 |
| gnu | gnutls | 1.0.22 |
| gnu | gnutls | 1.0.24 |
| gnu | gnutls | 1.2.0 |
| gnu | gnutls | 1.0.21 |
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailutils | 0.6 |
| gnu | mailutils | 0.5 |
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailutils | 0.6 |
| gnu | mailutils | 0.5 |
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailutils | 0.6 |
| gnu | mailutils | 0.5 |
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailutils | 0.6 |
| gnu | mailutils | 0.5 |
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gdb | * |
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gdb | * |
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailutils | 1.0.6.1.1 |
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
CVSS 2.0
Severity: LOW
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | 1.13.25 |
| redhat | enterprise_linux | 2.1 |
| redhat | linux_advanced_workstation | 2.1 |
| redhat | enterprise_linux | 3.0 |
| redhat | enterprise_linux_desktop | 3.0 |
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnats | 4.1.0 |
| gnu | gnats | 4.0 |
Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | phpbook | 1.46 |
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | 1.15.1 |
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailutils | 0.6 |
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cfengine | 2.0.4 |
| gnu | cfengine | 1.6.5 |
| gnu | cfengine | 2.1.9 |
| gnu | cfengine | 2.1.16 |
| gnu | cfengine | 2.0.6 |
| gnu | cfengine | 2.0.7 |
| gnu | cfengine | 2.1.7 |
| gnu | cfengine | 2.0.1 |
| gnu | cfengine | 2.0.5 |
| gnu | cfengine | 1.5.3-4 |
| gnu | cfengine | 2.0.3 |
| debian | debian_linux | 3.1 |
| gnu | cfengine | 2.0.2 |
| gnu | cfengine | 2.1.8 |
| gnu | cfengine | 2.1.0 |
| gnu | cfengine | 2.0.0 |
| gnu | cfengine | 1.5 |
| gnu | cfengine | 1.6 |
| gnu | cfengine | 2.0.8 |
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | texinfo | * |
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnump3d | 2.9.1 |
| gnu | gnump3d | 2.9.2 |
| gnu | gnump3d | 2.9 |
| gnu | gnump3d | 2.9.5 |
| gnu | gnump3d | 2.9.4 |
| gnu | gnump3d | 2.9.3 |
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cfengine | 1.6.5 |
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnump3d | 2.9.1 |
| gnu | gnump3d | 2.9.2 |
| gnu | gnump3d | 2.9 |
| gnu | gnump3d | 2.9.6 |
| gnu | gnump3d | 2.9.5 |
| gnu | gnump3d | 2.9.4 |
| gnu | gnump3d | * |
| gnu | gnump3d | 2.9.3 |
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnump3d | 2.9.1 |
| gnu | gnump3d | 2.9.2 |
| gnu | gnump3d | 2.9 |
| gnu | gnump3d | 2.9.6 |
| gnu | gnump3d | 2.9.5 |
| gnu | gnump3d | 2.9.4 |
| gnu | gnump3d | 2.9.7 |
| gnu | gnump3d | 2.9.3 |
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnump3d | 2.4 |
| gnu | gnump3d | 2.9.1 |
| gnu | gnump3d | 2.5 |
| gnu | gnump3d | 2.2 |
| gnu | gnump3d | 2.7 |
| gnu | gnump3d | 2.5b |
| gnu | gnump3d | 2.3 |
| gnu | gnump3d | 2.9.2 |
| gnu | gnump3d | 2.9 |
| gnu | gnump3d | 2.0 |
| gnu | gnump3d | 2.8 |
| gnu | gnump3d | 2.1 |
| gnu | gnump3d | 2.9.4 |
| gnu | gnump3d | 2.6 |
| gnu | gnump3d | 2.9.3 |
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnump3d | 2.4 |
| gnu | gnump3d | 2.9.1 |
| gnu | gnump3d | 2.5 |
| gnu | gnump3d | 2.2 |
| gnu | gnump3d | 2.7 |
| gnu | gnump3d | 2.5b |
| gnu | gnump3d | 2.3 |
| gnu | gnump3d | 2.9.2 |
| gnu | gnump3d | 2.9 |
| gnu | gnump3d | 2.0 |
| gnu | gnump3d | 2.9.5 |
| gnu | gnump3d | 2.8 |
| gnu | gnump3d | 2.1 |
| gnu | gnump3d | 2.9.4 |
| gnu | gnump3d | 2.6 |
| gnu | gnump3d | 2.9.3 |
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1.5 |
| gnu | mailman | 2.1.5.8 |
| gnu | mailman | 2.0.5 |
| gnu | mailman | 2.0.12 |
| gnu | mailman | 2.0.7 |
| gnu | mailman | 2.1 |
| gnu | mailman | 2.0.9 |
| gnu | mailman | 2.0.13 |
| gnu | mailman | 2.0.2 |
| gnu | mailman | 2.0.10 |
| gnu | mailman | 2.0.14 |
| gnu | mailman | 2.0.3 |
| gnu | mailman | 2.1.2 |
| gnu | mailman | 2.0.4 |
| gnu | mailman | 2.1.4 |
| gnu | mailman | 2.0 |
| gnu | mailman | 2.0.11 |
| gnu | mailman | 2.1.3 |
| gnu | mailman | 2.1.1 |
| gnu | mailman | 2.0.1 |
| gnu | mailman | 2.0.6 |
| gnu | mailman | 2.0.8 |
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1.4 |
| gnu | mailman | 2.1.5 |
| gnu | mailman | 2.1.6 |
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cpio | 2.6-8 |
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 5.04 |
| canonical | ubuntu_linux | 5.10 |
| gnu | binutils | * |
Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 5.10 |
| gnu | binutils | * |
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | privacy_guard | 1.4.1 |
| gnu | privacy_guard | 1.4 |
| gnu | privacy_guard | 1.2.4 |
| gnu | privacy_guard | 1.2.6 |
| gnu | privacy_guard | 1.0 |
| gnu | privacy_guard | 1.4.2 |
| gnu | privacy_guard | 1.0.2 |
| gnu | privacy_guard | 1.0.3 |
| gnu | privacy_guard | 1.3.4 |
| gnu | privacy_guard | 1.0.1 |
| gnu | privacy_guard | 1.2.7 |
| gnu | privacy_guard | 1.3.3 |
| gnu | privacy_guard | 1.2.3 |
| gnu | privacy_guard | 1.0.4 |
| gnu | privacy_guard | 1.0.7 |
| gnu | privacy_guard | 1.2.2 |
| gnu | privacy_guard | 1.0.3b |
| gnu | privacy_guard | 1.0.5 |
| gnu | privacy_guard | 1.2.5 |
| gnu | privacy_guard | 1.2 |
| gnu | privacy_guard | 1.2.1 |
| gnu | privacy_guard | 1.0.6 |
| gnu | privacy_guard | 1.4.2.1 |
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1.5 |
| gnu | mailman | 2.0.5 |
| gnu | mailman | 2.0.12 |
| gnu | mailman | 2.0.7 |
| gnu | mailman | 2.1.2 |
| gnu | mailman | 2.1b1 |
| gnu | mailman | 2.0.1 |
| gnu | mailman | 2.0.8 |
| gnu | mailman | 1.0 |
| gnu | mailman | 2.1 |
| gnu | mailman | 1.1 |
| gnu | mailman | 2.0.9 |
| gnu | mailman | 2.0.13 |
| gnu | mailman | 2.0.2 |
| gnu | mailman | 2.0.10 |
| gnu | mailman | 2.0.14 |
| gnu | mailman | 2.0.3 |
| gnu | mailman | 2.0.4 |
| gnu | mailman | 2.1.4 |
| gnu | mailman | 2.0 |
| gnu | mailman | 2.0.11 |
| gnu | mailman | 2.1.3 |
| gnu | mailman | 2.1.1 |
| gnu | mailman | 2.0.6 |
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | phpbook | 1.2 |
| gnu | phpbook | 1.1 |
| gnu | phpbook | * |
| gnu | phpbook | 1.3 |
| gnu | phpbook | 1.0 |
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | 1.15.90 |
| gnu | tar | 1.14 |
| gnu | tar | 1.15.1 |
| gnu | tar | 1.14.1 |
| gnu | tar | 1.15 |
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | lsh | 2.0.1 |
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | privacy_guard | 1.4.1 |
| gnu | privacy_guard | 1.4 |
| gnu | privacy_guard | 1.2.4 |
| gnu | privacy_guard | 1.2.6 |
| gnu | privacy_guard | 1.0 |
| gnu | privacy_guard | 1.4.2 |
| gnu | privacy_guard | 1.0.2 |
| gnu | privacy_guard | 1.0.3 |
| gnu | privacy_guard | 1.3.4 |
| gnu | privacy_guard | 1.0.1 |
| gnu | privacy_guard | 1.2.7 |
| gnu | privacy_guard | 1.3.3 |
| gnu | privacy_guard | 1.2.3 |
| gnu | privacy_guard | 1.0.4 |
| gnu | privacy_guard | 1.0.7 |
| gnu | privacy_guard | 1.2.2 |
| gnu | privacy_guard | 1.0.3b |
| gnu | privacy_guard | 1.0.5 |
| gnu | privacy_guard | 1.2.5 |
| gnu | privacy_guard | 1.2 |
| gnu | privacy_guard | 1.2.1 |
| gnu | privacy_guard | 1.0.6 |
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1.7 |
fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value."
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gcc | 4.1 |
Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 1.0.19 |
| gnu | gnutls | 1.1.22 |
| gnu | gnutls | 1.2.10 |
| gnu | gnutls | 1.3.3 |
| gnu | gnutls | 1.3.5 |
| gnu | gnutls | 1.1.15 |
| gnu | gnutls | 1.3.2 |
| gnu | gnutls | 1.1.21 |
| gnu | gnutls | 1.0.25 |
| gnu | gnutls | 1.2.2 |
| gnu | gnutls | 1.2.3 |
| gnu | gnutls | 1.2.9 |
| gnu | gnutls | 1.0.24 |
| gnu | gnutls | 1.2.0 |
| gnu | gnutls | 1.0.21 |
| gnu | gnutls | 1.2.6 |
| gnu | gnutls | 1.1.20 |
| gnu | gnutls | 1.1.23 |
| gnu | gnutls | 1.2.8.1a1 |
| gnu | gnutls | 1.1.17 |
| gnu | gnutls | * |
| gnu | gnutls | 1.2.1 |
| gnu | gnutls | 1.2.11 |
| gnu | gnutls | 1.1.19 |
| gnu | gnutls | 1.0.22 |
| gnu | gnutls | 1.2.5 |
| gnu | gnutls | 1.2.4 |
| gnu | gnutls | 1.3.4 |
| gnu | gnutls | 1.1.14 |
| gnu | gnutls | 1.0.18 |
| gnu | gnutls | 1.1.13 |
| gnu | gnutls | 1.2.7 |
| gnu | gnutls | 1.0.20 |
| gnu | gnutls | 1.2.8 |
| gnu | gnutls | 1.0.17 |
| gnu | gnutls | 1.0.23 |
| gnu | gnutls | 1.3.1 |
| gnu | gnutls | 1.4.0 |
| gnu | gnutls | 1.1.18 |
| gnu | gnutls | 1.0.16 |
| gnu | gnutls | 1.1.16 |
| gnu | gnutls | 1.3.0 |
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | screen | 4.0.3 |
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gimp | * |
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gcc | 4.3 |
gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gcc | 4.2.0 |
| gnu | gcc | 4.2.1 |
| gnu | gcc | 4.3.0 |
| gnu | gcc | 4.2.3 |
| gnu | gcc | 4.2.2 |
| gnu | gcc | 4.2.4 |
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 2.3.4 |
| gnu | gnutls | 1.1.21 |
| gnu | gnutls | 2.2.4 |
| gnu | gnutls | 1.1.17 |
| gnu | gnutls | 1.7.10 |
| gnu | gnutls | 1.1.19 |
| gnu | gnutls | 1.0.22 |
| gnu | gnutls | 1.4.2 |
| gnu | gnutls | 1.7.12 |
| gnu | gnutls | 2.3.9 |
| gnu | gnutls | 2.3.1 |
| gnu | gnutls | 1.1.14 |
| gnu | gnutls | 1.0.18 |
| gnu | gnutls | 2.1.2 |
| gnu | gnutls | 2.3.3 |
| gnu | gnutls | 2.0.1 |
| gnu | gnutls | 1.6.0 |
| gnu | gnutls | 1.5.3 |
| gnu | gnutls | 1.1.13 |
| gnu | gnutls | 1.4.0 |
| gnu | gnutls | 1.7.9 |
| gnu | gnutls | 1.7.3 |
| gnu | gnutls | 1.1.16 |
| gnu | gnutls | 2.1.8 |
| gnu | gnutls | 1.1.15 |
| gnu | gnutls | 1.3.2 |
| gnu | gnutls | 1.2.2 |
| gnu | gnutls | 1.6.1 |
| gnu | gnutls | 1.2.0 |
| gnu | gnutls | 2.1.4 |
| gnu | gnutls | 2.3.2 |
| gnu | gnutls | 1.0.21 |
| gnu | gnutls | 1.1.20 |
| gnu | gnutls | 1.1.23 |
| gnu | gnutls | 2.2.3 |
| gnu | gnutls | 2.0.4 |
| gnu | gnutls | 1.2.1 |
| gnu | gnutls | 2.3.0 |
| gnu | gnutls | 1.2.4 |
| gnu | gnutls | 1.4.3 |
| gnu | gnutls | 1.3.4 |
| gnu | gnutls | 1.7.11 |
| gnu | gnutls | 2.2.1 |
| gnu | gnutls | 1.2.7 |
| gnu | gnutls | 2.3.5 |
| gnu | gnutls | 1.0.20 |
| gnu | gnutls | 1.2.8 |
| gnu | gnutls | 2.3.11 |
| gnu | gnutls | 2.3.7 |
| gnu | gnutls | 1.0.23 |
| gnu | gnutls | 1.3.1 |
| gnu | gnutls | 2.1.6 |
| gnu | gnutls | 1.5.5 |
| gnu | gnutls | 1.7.0 |
| gnu | gnutls | 1.7.8 |
| gnu | gnutls | 2.1.3 |
| gnu | gnutls | 1.7.1 |
| gnu | gnutls | 1.6.3 |
| gnu | gnutls | 1.4.5 |
| gnu | gnutls | 1.7.15 |
| gnu | gnutls | 1.3.3 |
| gnu | gnutls | 1.3.5 |
| gnu | gnutls | 1.2.9 |
| gnu | gnutls | 1.0.24 |
| gnu | gnutls | 1.5.4 |
| gnu | gnutls | 1.2.6 |
| gnu | gnutls | 2.0.3 |
| gnu | gnutls | 1.7.4 |
| gnu | gnutls | 2.2.2 |
| gnu | gnutls | 2.1.7 |
| gnu | gnutls | 1.2.5 |
| gnu | gnutls | 1.7.6 |
| gnu | gnutls | 1.7.7 |
| gnu | gnutls | 1.7.17 |
| gnu | gnutls | 1.4.4 |
| gnu | gnutls | 1.7.13 |
| gnu | gnutls | 2.3.10 |
| gnu | gnutls | 2.0.2 |
| gnu | gnutls | 1.7.2 |
| gnu | gnutls | 1.1.18 |
| gnu | gnutls | 2.0.0 |
| gnu | gnutls | 2.2.0 |
| gnu | gnutls | 2.1.1 |
| gnu | gnutls | 2.3.6 |
| gnu | gnutls | 1.0.19 |
| gnu | gnutls | 1.1.22 |
| gnu | gnutls | 1.2.10 |
| gnu | gnutls | 1.4.1 |
| gnu | gnutls | 1.5.1 |
| gnu | gnutls | 1.0.25 |
| gnu | gnutls | 1.2.3 |
| gnu | gnutls | 1.7.14 |
| gnu | gnutls | 1.7.18 |
| gnu | gnutls | 1.2.11 |
| gnu | gnutls | 2.1.0 |
| gnu | gnutls | 2.3.8 |
| gnu | gnutls | 1.5.0 |
| gnu | gnutls | 1.7.16 |
| gnu | gnutls | 1.7.19 |
| gnu | gnutls | 2.2.5 |
| gnu | gnutls | 1.6.2 |
| gnu | gnutls | 1.7.5 |
| gnu | gnutls | 1.3.0 |
| gnu | gnutls | 1.5.2 |
| gnu | gnutls | 2.1.5 |
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 2.3.4 |
| gnu | gnutls | 1.1.21 |
| gnu | gnutls | 2.2.4 |
| gnu | gnutls | 1.1.17 |
| gnu | gnutls | 1.7.10 |
| gnu | gnutls | 1.1.19 |
| gnu | gnutls | 1.0.22 |
| gnu | gnutls | 1.4.2 |
| gnu | gnutls | 1.7.12 |
| gnu | gnutls | 2.3.9 |
| gnu | gnutls | 2.3.1 |
| gnu | gnutls | 1.1.14 |
| gnu | gnutls | 1.0.18 |
| gnu | gnutls | 2.1.2 |
| gnu | gnutls | 2.3.3 |
| gnu | gnutls | 2.0.1 |
| gnu | gnutls | 1.6.0 |
| gnu | gnutls | 1.5.3 |
| gnu | gnutls | 1.1.13 |
| gnu | gnutls | 1.4.0 |
| gnu | gnutls | 1.7.9 |
| gnu | gnutls | 1.7.3 |
| gnu | gnutls | 1.1.16 |
| gnu | gnutls | 2.1.8 |
| gnu | gnutls | 1.1.15 |
| gnu | gnutls | 1.3.2 |
| gnu | gnutls | 1.2.2 |
| gnu | gnutls | 1.6.1 |
| gnu | gnutls | 1.2.0 |
| gnu | gnutls | 2.1.4 |
| gnu | gnutls | 2.3.2 |
| gnu | gnutls | 1.0.21 |
| gnu | gnutls | 1.1.20 |
| gnu | gnutls | 1.1.23 |
| gnu | gnutls | 2.2.3 |
| gnu | gnutls | 2.0.4 |
| gnu | gnutls | 1.2.1 |
| gnu | gnutls | 2.3.0 |
| gnu | gnutls | 1.2.4 |
| gnu | gnutls | 1.4.3 |
| gnu | gnutls | 1.3.4 |
| gnu | gnutls | 1.7.11 |
| gnu | gnutls | 2.2.1 |
| gnu | gnutls | 1.2.7 |
| gnu | gnutls | 2.3.5 |
| gnu | gnutls | 1.0.20 |
| gnu | gnutls | 1.2.8 |
| gnu | gnutls | 2.3.11 |
| gnu | gnutls | 2.3.7 |
| gnu | gnutls | 1.0.23 |
| gnu | gnutls | 1.3.1 |
| gnu | gnutls | 2.1.6 |
| gnu | gnutls | 1.5.5 |
| gnu | gnutls | 1.7.0 |
| gnu | gnutls | 1.7.8 |
| gnu | gnutls | 2.1.3 |
| gnu | gnutls | 1.7.1 |
| gnu | gnutls | 1.6.3 |
| gnu | gnutls | 1.4.5 |
| gnu | gnutls | 1.7.15 |
| gnu | gnutls | 1.3.3 |
| gnu | gnutls | 1.3.5 |
| gnu | gnutls | 1.2.9 |
| gnu | gnutls | 1.0.24 |
| gnu | gnutls | 1.5.4 |
| gnu | gnutls | 1.2.6 |
| gnu | gnutls | 2.0.3 |
| gnu | gnutls | 1.7.4 |
| gnu | gnutls | 2.2.2 |
| gnu | gnutls | 2.1.7 |
| gnu | gnutls | 1.2.5 |
| gnu | gnutls | 1.7.6 |
| gnu | gnutls | 1.7.7 |
| gnu | gnutls | 1.7.17 |
| gnu | gnutls | 1.4.4 |
| gnu | gnutls | 1.7.13 |
| gnu | gnutls | 2.3.10 |
| gnu | gnutls | 2.0.2 |
| gnu | gnutls | 1.7.2 |
| gnu | gnutls | 1.1.18 |
| gnu | gnutls | 2.0.0 |
| gnu | gnutls | 2.2.0 |
| gnu | gnutls | 2.1.1 |
| gnu | gnutls | 2.3.6 |
| gnu | gnutls | 1.0.19 |
| gnu | gnutls | 1.1.22 |
| gnu | gnutls | 1.2.10 |
| gnu | gnutls | 1.4.1 |
| gnu | gnutls | 1.5.1 |
| gnu | gnutls | 1.0.25 |
| gnu | gnutls | 1.2.3 |
| gnu | gnutls | 1.7.14 |
| gnu | gnutls | 1.7.18 |
| gnu | gnutls | 1.2.11 |
| gnu | gnutls | 2.1.0 |
| gnu | gnutls | 2.3.8 |
| gnu | gnutls | 1.5.0 |
| gnu | gnutls | 1.7.16 |
| gnu | gnutls | 1.7.19 |
| gnu | gnutls | 2.2.5 |
| gnu | gnutls | 1.6.2 |
| gnu | gnutls | 1.7.5 |
| gnu | gnutls | 1.3.0 |
| gnu | gnutls | 1.5.2 |
| gnu | gnutls | 2.1.5 |
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 2.3.4 |
| gnu | gnutls | 1.1.21 |
| gnu | gnutls | 2.2.4 |
| gnu | gnutls | 1.1.17 |
| gnu | gnutls | 1.7.10 |
| gnu | gnutls | 1.1.19 |
| gnu | gnutls | 1.0.22 |
| gnu | gnutls | 1.4.2 |
| gnu | gnutls | 1.7.12 |
| gnu | gnutls | 2.3.9 |
| gnu | gnutls | 2.3.1 |
| gnu | gnutls | 1.1.14 |
| gnu | gnutls | 1.0.18 |
| gnu | gnutls | 2.1.2 |
| gnu | gnutls | 2.3.3 |
| gnu | gnutls | 2.0.1 |
| gnu | gnutls | 1.6.0 |
| gnu | gnutls | 1.5.3 |
| gnu | gnutls | 1.1.13 |
| gnu | gnutls | 1.4.0 |
| gnu | gnutls | 1.7.9 |
| gnu | gnutls | 1.7.3 |
| gnu | gnutls | 1.1.16 |
| gnu | gnutls | 2.1.8 |
| gnu | gnutls | 1.1.15 |
| gnu | gnutls | 1.3.2 |
| gnu | gnutls | 1.2.2 |
| gnu | gnutls | 1.6.1 |
| gnu | gnutls | 1.2.0 |
| gnu | gnutls | 2.1.4 |
| gnu | gnutls | 2.3.2 |
| gnu | gnutls | 1.0.21 |
| gnu | gnutls | 1.1.20 |
| gnu | gnutls | 1.1.23 |
| gnu | gnutls | 2.2.3 |
| gnu | gnutls | 2.0.4 |
| gnu | gnutls | 1.2.1 |
| gnu | gnutls | 2.3.0 |
| gnu | gnutls | 1.2.4 |
| gnu | gnutls | 1.4.3 |
| gnu | gnutls | 1.3.4 |
| gnu | gnutls | 1.7.11 |
| gnu | gnutls | 2.2.1 |
| gnu | gnutls | 1.2.7 |
| gnu | gnutls | 2.3.5 |
| gnu | gnutls | 1.0.20 |
| gnu | gnutls | 1.2.8 |
| gnu | gnutls | 2.3.11 |
| gnu | gnutls | 2.3.7 |
| gnu | gnutls | 1.0.23 |
| gnu | gnutls | 1.3.1 |
| gnu | gnutls | 2.1.6 |
| gnu | gnutls | 1.5.5 |
| gnu | gnutls | 1.7.0 |
| gnu | gnutls | 1.7.8 |
| gnu | gnutls | 2.1.3 |
| gnu | gnutls | 1.7.1 |
| gnu | gnutls | 1.6.3 |
| gnu | gnutls | 1.4.5 |
| gnu | gnutls | 1.7.15 |
| gnu | gnutls | 1.3.3 |
| gnu | gnutls | 1.3.5 |
| gnu | gnutls | 1.2.9 |
| gnu | gnutls | 1.0.24 |
| gnu | gnutls | 1.5.4 |
| gnu | gnutls | 1.2.6 |
| gnu | gnutls | 2.0.3 |
| gnu | gnutls | 1.7.4 |
| gnu | gnutls | 2.2.2 |
| gnu | gnutls | 2.1.7 |
| gnu | gnutls | 1.2.5 |
| gnu | gnutls | 1.7.6 |
| gnu | gnutls | 1.7.7 |
| gnu | gnutls | 1.7.17 |
| gnu | gnutls | 1.4.4 |
| gnu | gnutls | 1.7.13 |
| gnu | gnutls | 2.3.10 |
| gnu | gnutls | 2.0.2 |
| gnu | gnutls | 1.7.2 |
| gnu | gnutls | 1.1.18 |
| gnu | gnutls | 2.0.0 |
| gnu | gnutls | 2.2.0 |
| gnu | gnutls | 2.1.1 |
| gnu | gnutls | 2.3.6 |
| gnu | gnutls | 1.0.19 |
| gnu | gnutls | 1.1.22 |
| gnu | gnutls | 1.2.10 |
| gnu | gnutls | 1.4.1 |
| gnu | gnutls | 1.5.1 |
| gnu | gnutls | 1.0.25 |
| gnu | gnutls | 1.2.3 |
| gnu | gnutls | 1.7.14 |
| gnu | gnutls | 1.7.18 |
| gnu | gnutls | 1.2.11 |
| gnu | gnutls | 2.1.0 |
| gnu | gnutls | 2.3.8 |
| gnu | gnutls | 1.5.0 |
| gnu | gnutls | 1.7.16 |
| gnu | gnutls | 1.7.19 |
| gnu | gnutls | 2.2.5 |
| gnu | gnutls | 1.6.2 |
| gnu | gnutls | 1.7.5 |
| gnu | gnutls | 1.3.0 |
| gnu | gnutls | 1.5.2 |
| gnu | gnutls | 2.1.5 |
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | adns | 1.0 |
| gnu | adns | 1.3 |
| gnu | adns | 1.2 |
| gnu | adns | 0.1 |
| gnu | adns | 0.3 |
| gnu | adns | 0.4 |
| gnu | adns | 0.5 |
| gnu | adns | 0.7 |
| gnu | adns | * |
| gnu | adns | 1.1 |
| gnu | adns | 0.8 |
| gnu | adns | 0.2 |
| gnu | adns | 0.6 |
| gnu | adns | 0.9 |
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 7.10 |
| debian | debian_linux | 4.0 |
| suse | linux_enterprise_server | 10 |
| canonical | ubuntu_linux | 6.06 |
| suse | linux_enterprise | 11.0 |
| opensuse | opensuse | * |
| gnu | gnutls | * |
| fedoraproject | fedora | 9 |
| fedoraproject | fedora | 8 |
| suse | linux_enterprise_server | 11 |
| canonical | ubuntu_linux | 8.10 |
| canonical | ubuntu_linux | 8.04 |
| suse | linux_enterprise | 10.0 |
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-824,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | * |
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 2.3.4 |
| gnu | gnutls | 1.1.21 |
| openssl | openssl | 0.9.8e |
| mozilla | nss | 3.12 |
| openssl | openssl | 0.9.8k |
| gnu | gnutls | 2.2.4 |
| mozilla | nss | 3.7.5 |
| gnu | gnutls | 1.2.8.1a1 |
| gnu | gnutls | 1.1.17 |
| gnu | gnutls | 1.7.10 |
| gnu | gnutls | 1.1.19 |
| gnu | gnutls | 1.0.22 |
| gnu | gnutls | 1.4.2 |
| gnu | gnutls | 1.7.12 |
| mozilla | nss | 3.10 |
| mozilla | nss | 3.6.1 |
| gnu | gnutls | 2.3.9 |
| gnu | gnutls | 2.4.1 |
| gnu | gnutls | 2.3.1 |
| gnu | gnutls | 1.1.14 |
| gnu | gnutls | 1.0.18 |
| gnu | gnutls | 2.1.2 |
| gnu | gnutls | 2.3.3 |
| gnu | gnutls | 2.0.1 |
| mozilla | nss | 3.3.1 |
| gnu | gnutls | 1.6.0 |
| mozilla | nss | 3.6 |
| gnu | gnutls | 1.5.3 |
| gnu | gnutls | 1.1.13 |
| openssl | openssl | 0.9.8d |
| mozilla | nss | 3.11.2 |
| gnu | gnutls | 1.4.0 |
| gnu | gnutls | 1.7.9 |
| mozilla | nss | 3.2.1 |
| gnu | gnutls | 1.7.3 |
| gnu | gnutls | 1.1.16 |
| gnu | gnutls | 2.1.8 |
| gnu | gnutls | 1.1.15 |
| gnu | gnutls | 1.3.2 |
| gnu | gnutls | 1.2.2 |
| gnu | gnutls | 1.6.1 |
| gnu | gnutls | 1.2.0 |
| gnu | gnutls | 2.1.4 |
| gnu | gnutls | 2.3.2 |
| gnu | gnutls | 1.0.21 |
| gnu | gnutls | 1.1.20 |
| gnu | gnutls | 1.1.23 |
| gnu | gnutls | 2.7.4 |
| gnu | gnutls | 2.2.3 |
| gnu | gnutls | 2.0.4 |
| gnu | gnutls | * |
| gnu | gnutls | 1.2.1 |
| gnu | gnutls | 2.3.0 |
| gnu | gnutls | 1.2.4 |
| mozilla | nss | 3.2 |
| gnu | gnutls | 1.4.3 |
| gnu | gnutls | 1.3.4 |
| mozilla | nss | 3.0 |
| gnu | gnutls | 1.7.11 |
| mozilla | firefox | * |
| openssl | openssl | 0.9.8f |
| mozilla | nss | 3.8 |
| gnu | gnutls | 2.2.1 |
| gnu | gnutls | 1.2.7 |
| gnu | gnutls | 2.3.5 |
| gnu | gnutls | 1.0.20 |
| gnu | gnutls | 1.2.8 |
| gnu | gnutls | 2.3.11 |
| gnu | gnutls | 2.3.7 |
| mozilla | nss | 3.3 |
| gnu | gnutls | 1.0.23 |
| gnu | gnutls | 1.3.1 |
| gnu | gnutls | 2.1.6 |
| gnu | gnutls | 1.5.5 |
| gnu | gnutls | 1.7.0 |
| gnu | gnutls | 1.7.8 |
| gnu | gnutls | 2.1.3 |
| gnu | gnutls | 1.7.1 |
| gnu | gnutls | 1.6.3 |
| gnu | gnutls | 1.4.5 |
| mozilla | nss | 3.7 |
| gnu | gnutls | 1.7.15 |
| gnu | gnutls | 1.3.3 |
| gnu | gnutls | 1.3.5 |
| mozilla | nss | 3.7.3 |
| mozilla | nss | 3.11.8 |
| gnu | gnutls | 1.2.9 |
| gnu | gnutls | 1.0.24 |
| gnu | gnutls | 1.5.4 |
| gnu | gnutls | 1.2.6 |
| mozilla | nss | 3.9 |
| gnu | gnutls | 2.0.3 |
| gnu | gnutls | 1.7.4 |
| gnu | gnutls | 2.2.2 |
| gnu | gnutls | 2.1.7 |
| mozilla | nss | 3.7.2 |
| openssl | openssl | 0.9.8g |
| gnu | gnutls | 1.2.5 |
| mozilla | nss | 3.7.1 |
| mozilla | nss | 3.11.7 |
| gnu | gnutls | 1.7.6 |
| gnu | gnutls | 1.7.7 |
| gnu | gnutls | 1.7.17 |
| mozilla | nss | * |
| gnu | gnutls | 1.4.4 |
| openssl | openssl | 0.9.8c |
| openssl | openssl | 0.9.8h |
| mozilla | nss | 3.11.4 |
| gnu | gnutls | 1.7.13 |
| gnu | gnutls | 2.3.10 |
| gnu | gnutls | 2.0.2 |
| openssl | openssl | 0.9.8b |
| gnu | gnutls | 1.0.17 |
| gnu | gnutls | 1.7.2 |
| gnu | gnutls | 2.6.1 |
| gnu | gnutls | 1.1.18 |
| gnu | gnutls | 2.0.0 |
| gnu | gnutls | 2.2.0 |
| mozilla | nss | 3.4 |
| gnu | gnutls | 2.1.1 |
| gnu | gnutls | 2.3.6 |
| gnu | gnutls | 1.0.19 |
| gnu | gnutls | 1.1.22 |
| gnu | gnutls | 1.2.10 |
| openssl | openssl | * |
| gnu | gnutls | 1.4.1 |
| gnu | gnutls | 1.5.1 |
| mozilla | nss | 3.5 |
| gnu | gnutls | 1.0.25 |
| gnu | gnutls | 1.2.3 |
| openssl | openssl | 0.9.8i |
| mozilla | nss | 3.4.3 |
| mozilla | nss | 3.12.1 |
| gnu | gnutls | 1.7.14 |
| gnu | gnutls | 1.7.18 |
| mozilla | nss | 3.7.7 |
| gnu | gnutls | 1.2.11 |
| gnu | gnutls | 2.1.0 |
| openssl | openssl | 0.9.8 |
| openssl | openssl | 0.9.8a |
| gnu | gnutls | 2.3.8 |
| gnu | gnutls | 2.4.2 |
| mozilla | nss | 3.4.2 |
| gnu | gnutls | 1.5.0 |
| gnu | gnutls | 1.7.16 |
| gnu | gnutls | 2.4.0 |
| gnu | gnutls | 2.6.0 |
| mozilla | nss | 3.9.5 |
| mozilla | nss | 3.4.1 |
| openssl | openssl | 0.9.8j |
| mozilla | network_security_services | * |
| gnu | gnutls | 1.7.19 |
| gnu | gnutls | 2.2.5 |
| gnu | gnutls | 2.6.2 |
| gnu | gnutls | 1.0.16 |
| gnu | gnutls | 1.6.2 |
| gnu | gnutls | 1.7.5 |
| mozilla | nss | 3.3.2 |
| gnu | gnutls | 1.3.0 |
| gnu | gnutls | 1.5.2 |
| gnu | gnutls | 2.1.5 |
| gnu | gnutls | 2.5.0 |
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gzip | 1.2.4 |
| gnu | gzip | 1.3.2 |
| gnu | gzip | 1.3 |
| gnu | gzip | 1.3.1 |
| gnu | gzip | 1.3.11 |
| gnu | gzip | * |
| gnu | gzip | 1.3.8 |
| gnu | gzip | 1.3.10 |
| gnu | gzip | 1.3.3 |
| gnu | gzip | 1.3.4 |
| gnu | gzip | 1.3.5 |
| gnu | gzip | 1.3.6 |
| gnu | gzip | 1.2.4a |
| gnu | gzip | 1.3.9 |
| gnu | gzip | 1.3.7 |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 4.0 |
| openssl | openssl | * |
| mozilla | nss | * |
| canonical | ubuntu_linux | 10.10 |
| debian | debian_linux | 7.0 |
| fedoraproject | fedora | 11 |
| fedoraproject | fedora | 12 |
| canonical | ubuntu_linux | 9.10 |
| debian | debian_linux | 5.0 |
| f5 | nginx | * |
| canonical | ubuntu_linux | 9.04 |
| fedoraproject | fedora | 13 |
| canonical | ubuntu_linux | 10.04 |
| gnu | gnutls | * |
| fedoraproject | fedora | 14 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 8.10 |
| openssl | openssl | 1.0 |
| apache | http_server | * |
| canonical | ubuntu_linux | 8.04 |
| debian | debian_linux | 6.0 |
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub_2 | 1.97 |
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | coreutils | 5.92 |
| gnu | coreutils | 6.9 |
| gnu | coreutils | 7.2 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| gnu | coreutils | 7.6 |
| gnu | coreutils | 6.7 |
| gnu | coreutils | 6.6 |
| fedoraproject | fedora | 11 |
| fedoraproject | fedora | 12 |
| gnu | coreutils | 6.11 |
| gnu | coreutils | 5.95 |
| gnu | coreutils | 8.1 |
| gnu | coreutils | 7.3 |
| gnu | coreutils | 7.1 |
| gnu | coreutils | 5.94 |
| gnu | coreutils | 6.2 |
| gnu | coreutils | 5.96 |
| gnu | coreutils | 5.93 |
| gnu | coreutils | 6.3 |
| gnu | coreutils | 6.12 |
| gnu | coreutils | 5.91 |
| gnu | coreutils | 6.10 |
| canonical | ubuntu_linux | 10.04 |
| gnu | coreutils | 5.2.1 |
| gnu | coreutils | 6.5 |
| gnu | coreutils | 7.5 |
| gnu | coreutils | 5.97 |
| gnu | coreutils | 6.4 |
| gnu | coreutils | 6.8 |
| gnu | coreutils | 7.4 |
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.4 |
| gnu | glibc | 2.9 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 1.03 |
| gnu | glibc | 1.09 |
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 2.2.1 |
| gnu | glibc | 1.04 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | 1.07 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 1.05 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 2.3 |
| gnu | glibc | 1.08 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 1.01 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 1.02 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 1.00 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 1.06 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.4 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.13 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | groff | 1.15 |
| gnu | groff | 1.16 |
| gnu | groff | 1.18.1 |
| gnu | groff | 1.11a |
| gnu | groff | 1.17.2 |
| gnu | groff | 1.19.1 |
| gnu | groff | 1.20 |
| gnu | groff | 1.14 |
| gnu | groff | 1.11 |
| gnu | groff | 1.19.2 |
| gnu | groff | 1.10 |
| gnu | groff | 1.19 |
| apple | mac_os_x | * |
| gnu | groff | 1.16.1 |
| gnu | groff | 1.17.1 |
| gnu | groff | * |
ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 1.03 |
| gnu | glibc | 1.09 |
| gnu | glibc | 1.01 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 1.02 |
| gnu | glibc | 1.04 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 1.00 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 1.07 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 1.05 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 1.06 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 1.08 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 1.09.1 |
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | groff | 1.15 |
| gnu | groff | 1.16 |
| gnu | groff | 1.18.1 |
| gnu | groff | 1.11a |
| gnu | groff | 1.17.2 |
| gnu | groff | 1.19.1 |
| gnu | groff | 1.20 |
| gnu | groff | 1.14 |
| gnu | groff | 1.11 |
| gnu | groff | 1.19.2 |
| gnu | groff | 1.10 |
| gnu | groff | 1.19 |
| apple | mac_os_x | * |
| gnu | groff | 1.16.1 |
| gnu | groff | 1.17.1 |
| gnu | groff | * |
The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | groff | 1.20.1 |
| gnu | groff | 1.15 |
| gnu | groff | 1.16 |
| gnu | groff | 1.18.1 |
| gnu | groff | 1.11a |
| gnu | groff | 1.17.2 |
| gnu | groff | 1.19.1 |
| gnu | groff | 1.20 |
| gnu | groff | 1.14 |
| gnu | groff | 1.11 |
| gnu | groff | 1.19.2 |
| gnu | groff | 1.10 |
| gnu | groff | 1.19 |
| gnu | groff | 1.16.1 |
| gnu | groff | 1.17.1 |
| gnu | groff | * |
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | groff | 1.20.1 |
| gnu | groff | 1.15 |
| gnu | groff | 1.16 |
| gnu | groff | 1.18.1 |
| gnu | groff | 1.11a |
| gnu | groff | 1.17.2 |
| gnu | groff | 1.19.1 |
| gnu | groff | 1.20 |
| gnu | groff | 1.14 |
| gnu | groff | 1.11 |
| gnu | groff | 1.19.2 |
| gnu | groff | 1.10 |
| gnu | groff | 1.19 |
| gnu | groff | 1.16.1 |
| gnu | groff | 1.17.1 |
| gnu | groff | * |
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | groff | 1.20.1 |
| gnu | groff | 1.15 |
| gnu | groff | 1.16 |
| gnu | groff | 1.18.1 |
| gnu | groff | 1.11a |
| gnu | groff | 1.17.2 |
| gnu | groff | 1.19.1 |
| gnu | groff | 1.20 |
| gnu | groff | 1.14 |
| gnu | groff | 1.11 |
| gnu | groff | 1.19.2 |
| gnu | groff | 1.10 |
| gnu | groff | 1.19 |
| gnu | groff | 1.16.1 |
| gnu | groff | 1.17.1 |
| gnu | groff | * |
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | groff | 1.20.1 |
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-19,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | steelstore_cloud_integrated_storage | - |
| gnu | glibc | * |
| netapp | cloud_backup | * |
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gzip | 1.2.4 |
| gnu | gzip | 1.3.2 |
| gnu | gzip | 1.3 |
| gnu | gzip | 1.3.1 |
| gnu | gzip | 1.3.11 |
| gnu | gzip | * |
| gnu | gzip | 1.3.8 |
| gnu | gzip | 1.3.10 |
| gnu | gzip | 1.3.3 |
| gnu | gzip | 1.3.4 |
| gnu | gzip | 1.3.5 |
| gnu | gzip | 1.3.6 |
| gnu | gzip | 1.3.12 |
| gnu | gzip | 1.2.4a |
| gnu | gzip | 1.3.9 |
| gnu | gzip | 1.3.7 |
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.4 |
| gnu | glibc | 2.9 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | 1.13 |
| gnu | cpio | 2.5 |
| gnu | tar | 1.16.1 |
| gnu | tar | 1.13.14 |
| gnu | cpio | * |
| gnu | tar | 1.14.90 |
| gnu | cpio | 1.1 |
| gnu | tar | 1.19 |
| gnu | tar | * |
| gnu | tar | 1.15.90 |
| gnu | tar | 1.14 |
| gnu | cpio | 2.8 |
| gnu | tar | 1.18 |
| gnu | cpio | 2.9 |
| gnu | tar | 1.13.18 |
| gnu | cpio | 2.4-2 |
| gnu | tar | 1.13.16 |
| gnu | tar | 1.13.25 |
| gnu | tar | 1.15.91 |
| gnu | tar | 1.13.17 |
| gnu | tar | 1.16 |
| gnu | cpio | 1.2 |
| gnu | tar | 1.14.1 |
| gnu | tar | 1.21 |
| gnu | tar | 1.13.11 |
| gnu | tar | 1.17 |
| gnu | tar | 1.15.1 |
| gnu | cpio | 1.3 |
| gnu | cpio | 2.6 |
| gnu | cpio | 2.7 |
| gnu | tar | 1.13.5 |
| gnu | tar | 1.13.19 |
| gnu | tar | 1.20 |
| gnu | tar | 1.15 |
| gnu | cpio | 1.0 |
| gnu | cpio | 2.5.90 |
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 1.0.19 |
| gnu | gnutls | 1.1.22 |
| gnu | gnutls | 1.1.14 |
| gnu | gnutls | 1.0.18 |
| gnu | gnutls | 1.1.15 |
| gnu | gnutls | 1.1.21 |
| gnu | gnutls | 1.0.25 |
| gnu | gnutls | 1.0.24 |
| gnu | gnutls | 1.0.21 |
| gnu | gnutls | 1.1.13 |
| gnu | gnutls | 1.1.20 |
| gnu | gnutls | 1.1.23 |
| gnu | gnutls | 1.0.20 |
| gnu | gnutls | 1.1.17 |
| gnu | gnutls | * |
| gnu | gnutls | 1.0.17 |
| gnu | gnutls | 1.0.23 |
| gnu | gnutls | 1.1.19 |
| gnu | gnutls | 1.0.22 |
| gnu | gnutls | 1.1.18 |
| gnu | gnutls | 1.0.16 |
| gnu | gnutls | 1.1.16 |
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 23.1 |
| gnu | emacs | 22.2 |
| gnu | emacs | 22.1 |
| gnu | emacs | 22.3 |
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.4 |
| gnu | glibc | 2.9 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | nano | 2.0.4 |
| gnu | nano | 2.1.99pre2 |
| gnu | nano | 0.5.0 |
| gnu | nano | 0.7.5 |
| gnu | nano | 1.1.3 |
| gnu | nano | 0.5.2 |
| gnu | nano | 1.3.8 |
| gnu | nano | 0.9.5 |
| gnu | nano | 1.3.3 |
| gnu | nano | 0.7.7 |
| gnu | nano | 0.7.8 |
| gnu | nano | 1.1.6 |
| gnu | nano | 0.8.5 |
| gnu | nano | 0.9.1 |
| gnu | nano | 0.9.14 |
| gnu | nano | 0.5.1 |
| gnu | nano | 0.9.15 |
| gnu | nano | 1.1.12 |
| gnu | nano | 2.0.7 |
| gnu | nano | 0.6.8 |
| gnu | nano | 1.1.11 |
| gnu | nano | 1.0.0 |
| gnu | nano | 0.8.2 |
| gnu | nano | 2.0.9 |
| gnu | nano | 2.1.5 |
| gnu | nano | * |
| gnu | nano | 0.8.8 |
| gnu | nano | 0.6.5 |
| gnu | nano | 1.0.3 |
| gnu | nano | 1.0.1 |
| gnu | nano | 1.1.2 |
| gnu | nano | 0.6.7 |
| gnu | nano | 2.0.8 |
| gnu | nano | 0.9.10 |
| gnu | nano | 0.9.19 |
| gnu | nano | 0.9.21 |
| gnu | nano | 0.9.8 |
| gnu | nano | 1.0.4 |
| gnu | nano | 0.5.3 |
| gnu | nano | 0.9.13 |
| gnu | nano | 1.3.9 |
| gnu | nano | 0.6.3 |
| gnu | nano | 1.0.5 |
| gnu | nano | 0.9.0 |
| gnu | nano | 1.3.4 |
| gnu | nano | 2.1.3 |
| gnu | nano | 0.8.3 |
| gnu | nano | 2.2.0 |
| gnu | nano | 1.2.4 |
| gnu | nano | 1.0.2 |
| gnu | nano | 1.2.3 |
| gnu | nano | 1.9.99pre3 |
| gnu | nano | 2.0.2 |
| gnu | nano | 1.0.9 |
| gnu | nano | 0.9.12 |
| gnu | nano | 1.3.11 |
| gnu | nano | 0.8.9 |
| gnu | nano | 2.0.5 |
| gnu | nano | 0.8.0 |
| gnu | nano | 1.1.5 |
| gnu | nano | 0.9.99pre1 |
| gnu | nano | 1.1.99pre2 |
| gnu | nano | 2.1.0 |
| gnu | nano | 2.1.9 |
| gnu | nano | 0.6.1 |
| gnu | nano | 1.1.10 |
| gnu | nano | 0.9.4 |
| gnu | nano | 2.1.11 |
| gnu | nano | 1.2.5 |
| gnu | nano | 0.9.20 |
| gnu | nano | 0.9.7 |
| gnu | nano | 1.3.5 |
| gnu | nano | 0.5.5 |
| gnu | nano | 0.7.0 |
| gnu | nano | 0.7.2 |
| gnu | nano | 0.7.3 |
| gnu | nano | 2.1.4 |
| gnu | nano | 0.9.24 |
| gnu | nano | 0.9.18 |
| gnu | nano | 1.3.7 |
| gnu | nano | 0.8.7 |
| gnu | nano | 2.1.1 |
| gnu | nano | 0.8.4 |
| gnu | nano | 0.6.4 |
| gnu | nano | 1.1.7 |
| gnu | nano | 2.2.1 |
| gnu | nano | 2.1.8 |
| gnu | nano | 1.1.99pre3 |
| gnu | nano | 0.7.1 |
| gnu | nano | 0.6.9 |
| gnu | nano | 0.9.17 |
| gnu | nano | 0.9.22 |
| gnu | nano | 0.9.16 |
| gnu | nano | 0.8.6 |
| gnu | nano | 2.1.2 |
| gnu | nano | 1.1.9 |
| gnu | nano | 2.1.99pre1 |
| gnu | nano | 1.3.0 |
| gnu | nano | 2.1.10 |
| gnu | nano | 0.9.25 |
| gnu | nano | 1.3.2 |
| gnu | nano | 1.0.6 |
| gnu | nano | 2.0.1 |
| gnu | nano | 1.2.1 |
| gnu | nano | 1.0.7 |
| gnu | nano | 2.0.3 |
| gnu | nano | 0.6.6 |
| gnu | nano | 1.3.6 |
| gnu | nano | 2.1.6 |
| gnu | nano | 2.0.0 |
| gnu | nano | 0.7.6 |
| gnu | nano | 0.6.2 |
| gnu | nano | 0.9.2 |
| gnu | nano | 1.1.99pre1 |
| gnu | nano | 2.1.7 |
| gnu | nano | 0.9.99pre2 |
| gnu | nano | 1.1.1 |
| gnu | nano | 0.6.0 |
| gnu | nano | 1.1.4 |
| gnu | nano | 1.2.2 |
| gnu | nano | 0.8.1 |
| gnu | nano | 0.9.11 |
| gnu | nano | 1.3.1 |
| gnu | nano | 2.0.6 |
| gnu | nano | 2.2.2 |
| gnu | nano | 0.9.3 |
| gnu | nano | 0.9.99pre3 |
| gnu | nano | 1.0.8 |
| gnu | nano | 1.9.99pre2 |
| gnu | nano | 1.1.0 |
| gnu | nano | 1.9.99pre1 |
| gnu | nano | 1.1.8 |
| gnu | nano | 0.9.6 |
| gnu | nano | 1.3.10 |
| gnu | nano | 0.5.4 |
| gnu | nano | 0.7.9 |
| gnu | nano | 0.9.9 |
| gnu | nano | 1.2.0 |
| gnu | nano | 0.7.4 |
| gnu | nano | 1.3.12 |
| gnu | nano | 0.9.23 |
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.
CVSS 2.0
Severity: LOW
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | nano | 2.0.4 |
| gnu | nano | 2.1.99pre2 |
| gnu | nano | 0.5.0 |
| gnu | nano | 0.7.5 |
| gnu | nano | 1.1.3 |
| gnu | nano | 0.5.2 |
| gnu | nano | 1.3.8 |
| gnu | nano | 0.9.5 |
| gnu | nano | 1.3.3 |
| gnu | nano | 0.7.7 |
| gnu | nano | 0.7.8 |
| gnu | nano | 1.1.6 |
| gnu | nano | 0.8.5 |
| gnu | nano | 0.9.1 |
| gnu | nano | 0.9.14 |
| gnu | nano | 0.5.1 |
| gnu | nano | 0.9.15 |
| gnu | nano | 1.1.12 |
| gnu | nano | 2.0.7 |
| gnu | nano | 0.6.8 |
| gnu | nano | 1.1.11 |
| gnu | nano | 1.0.0 |
| gnu | nano | 0.8.2 |
| gnu | nano | 2.0.9 |
| gnu | nano | 2.1.5 |
| gnu | nano | * |
| gnu | nano | 0.8.8 |
| gnu | nano | 0.6.5 |
| gnu | nano | 1.0.3 |
| gnu | nano | 1.0.1 |
| gnu | nano | 1.1.2 |
| gnu | nano | 0.6.7 |
| gnu | nano | 2.0.8 |
| gnu | nano | 0.9.10 |
| gnu | nano | 0.9.19 |
| gnu | nano | 0.9.21 |
| gnu | nano | 0.9.8 |
| gnu | nano | 1.0.4 |
| gnu | nano | 0.5.3 |
| gnu | nano | 0.9.13 |
| gnu | nano | 1.3.9 |
| gnu | nano | 0.6.3 |
| gnu | nano | 1.0.5 |
| gnu | nano | 0.9.0 |
| gnu | nano | 1.3.4 |
| gnu | nano | 2.1.3 |
| gnu | nano | 0.8.3 |
| gnu | nano | 2.2.0 |
| gnu | nano | 1.2.4 |
| gnu | nano | 1.0.2 |
| gnu | nano | 1.2.3 |
| gnu | nano | 1.9.99pre3 |
| gnu | nano | 2.0.2 |
| gnu | nano | 1.0.9 |
| gnu | nano | 0.9.12 |
| gnu | nano | 1.3.11 |
| gnu | nano | 0.8.9 |
| gnu | nano | 2.0.5 |
| gnu | nano | 0.8.0 |
| gnu | nano | 1.1.5 |
| gnu | nano | 0.9.99pre1 |
| gnu | nano | 1.1.99pre2 |
| gnu | nano | 2.1.0 |
| gnu | nano | 2.1.9 |
| gnu | nano | 0.6.1 |
| gnu | nano | 1.1.10 |
| gnu | nano | 0.9.4 |
| gnu | nano | 2.1.11 |
| gnu | nano | 1.2.5 |
| gnu | nano | 0.9.20 |
| gnu | nano | 0.9.7 |
| gnu | nano | 1.3.5 |
| gnu | nano | 0.5.5 |
| gnu | nano | 0.7.0 |
| gnu | nano | 0.7.2 |
| gnu | nano | 0.7.3 |
| gnu | nano | 2.1.4 |
| gnu | nano | 0.9.24 |
| gnu | nano | 0.9.18 |
| gnu | nano | 1.3.7 |
| gnu | nano | 0.8.7 |
| gnu | nano | 2.1.1 |
| gnu | nano | 0.8.4 |
| gnu | nano | 0.6.4 |
| gnu | nano | 1.1.7 |
| gnu | nano | 2.2.1 |
| gnu | nano | 2.1.8 |
| gnu | nano | 1.1.99pre3 |
| gnu | nano | 0.7.1 |
| gnu | nano | 0.6.9 |
| gnu | nano | 0.9.17 |
| gnu | nano | 0.9.22 |
| gnu | nano | 0.9.16 |
| gnu | nano | 0.8.6 |
| gnu | nano | 2.1.2 |
| gnu | nano | 1.1.9 |
| gnu | nano | 2.1.99pre1 |
| gnu | nano | 1.3.0 |
| gnu | nano | 2.1.10 |
| gnu | nano | 0.9.25 |
| gnu | nano | 1.3.2 |
| gnu | nano | 1.0.6 |
| gnu | nano | 2.0.1 |
| gnu | nano | 1.2.1 |
| gnu | nano | 1.0.7 |
| gnu | nano | 2.0.3 |
| gnu | nano | 0.6.6 |
| gnu | nano | 1.3.6 |
| gnu | nano | 2.1.6 |
| gnu | nano | 2.0.0 |
| gnu | nano | 0.7.6 |
| gnu | nano | 0.6.2 |
| gnu | nano | 0.9.2 |
| gnu | nano | 1.1.99pre1 |
| gnu | nano | 2.1.7 |
| gnu | nano | 0.9.99pre2 |
| gnu | nano | 1.1.1 |
| gnu | nano | 0.6.0 |
| gnu | nano | 1.1.4 |
| gnu | nano | 1.2.2 |
| gnu | nano | 0.8.1 |
| gnu | nano | 0.9.11 |
| gnu | nano | 1.3.1 |
| gnu | nano | 2.0.6 |
| gnu | nano | 2.2.2 |
| gnu | nano | 0.9.3 |
| gnu | nano | 0.9.99pre3 |
| gnu | nano | 1.0.8 |
| gnu | nano | 1.9.99pre2 |
| gnu | nano | 1.1.0 |
| gnu | nano | 1.9.99pre1 |
| gnu | nano | 1.1.8 |
| gnu | nano | 0.9.6 |
| gnu | nano | 1.3.10 |
| gnu | nano | 0.5.4 |
| gnu | nano | 0.7.9 |
| gnu | nano | 0.9.9 |
| gnu | nano | 1.2.0 |
| gnu | nano | 0.7.4 |
| gnu | nano | 1.3.12 |
| gnu | nano | 0.9.23 |
GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gv | * |
| gnu | gv | 3.6.2 |
| gnu | gv | 3.5.8 |
| gnu | gv | 3.6.5 |
| gnu | gv | 3.6.0 |
| gnu | gv | 3.6.6 |
| gnu | gv | 3.6.1 |
| gnu | gv | 3.6.7 |
| gnu | gv | 3.6.8 |
| gnu | gv | 3.6.4 |
| gnu | gv | 3.6.3 |
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | 1.8.2 |
| gnu | wget | 1.10.1 |
| gnu | wget | 1.11.4 |
| gnu | wget | 1.8 |
| gnu | wget | 1.7 |
| gnu | wget | 1.7.1 |
| gnu | wget | 1.6 |
| gnu | wget | 1.10 |
| gnu | wget | * |
| gnu | wget | 1.10.2 |
| gnu | wget | 1.11.2 |
| gnu | wget | 1.11 |
| gnu | wget | 1.8.1 |
| gnu | wget | 1.11.1 |
| gnu | wget | 1.9.1 |
| gnu | wget | 1.11.3 |
| gnu | wget | 1.9 |
| gnu | wget | 1.5.3 |
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1.5 |
| gnu | mailman | 2.1 |
| gnu | mailman | 2.1.11 |
| gnu | mailman | * |
| gnu | mailman | 2.1.2 |
| gnu | mailman | 2.1.8 |
| gnu | mailman | 2.1.6 |
| gnu | mailman | 2.1.4 |
| gnu | mailman | 2.1.10 |
| gnu | mailman | 2.1.12 |
| gnu | mailman | 2.1.13 |
| gnu | mailman | 2.1.9 |
| gnu | mailman | 2.1.3 |
| gnu | mailman | 2.1.1 |
| gnu | mailman | 2.1.7 |
Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.2.1 |
| gnu | glibc | 1.07 |
| gnu | glibc | * |
| gnu | glibc | 1.05 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 1.06 |
| gnu | glibc | 2.10.2 |
| gnu | glibc | 2.4 |
| gnu | glibc | 1.09.1 |
| gnu | glibc | 1.03 |
| gnu | glibc | 1.09 |
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 1.04 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 1.08 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 1.01 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.12.0 |
| gnu | glibc | 2.1 |
| gnu | glibc | 1.02 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 1.00 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.9 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.2.1 |
| gnu | glibc | 1.07 |
| gnu | glibc | * |
| gnu | glibc | 1.05 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 1.06 |
| gnu | glibc | 2.10.2 |
| gnu | glibc | 2.4 |
| gnu | glibc | 1.09.1 |
| gnu | glibc | 1.03 |
| gnu | glibc | 1.09 |
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 1.04 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 1.08 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 1.01 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.12.0 |
| gnu | glibc | 2.1 |
| gnu | glibc | 1.02 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 1.00 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.9 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 1.03 |
| gnu | glibc | 1.09 |
| gnu | glibc | 1.04 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | 1.07 |
| gnu | glibc | 1.05 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 1.08 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 1.01 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.12.0 |
| gnu | glibc | 2.1 |
| gnu | glibc | 1.02 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 1.00 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 1.06 |
| gnu | glibc | 2.10.2 |
| gnu | glibc | 1.09.1 |
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 1.03 |
| gnu | glibc | 1.09 |
| gnu | glibc | 1.04 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | 1.07 |
| gnu | glibc | 1.05 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 1.08 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 1.01 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.12.0 |
| gnu | glibc | 2.1 |
| gnu | glibc | 1.02 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 1.00 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 1.06 |
| gnu | glibc | 2.10.2 |
| gnu | glibc | 1.09.1 |
cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cpio | * |
| opensuse | opensuse | 2007.05.10 |
| opensuse | opensuse | 2010.07.28 |
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnash | 0.8.8 |
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnu_patch | 2.5.9 |
| gnu | gnu_patch | 2.5.4 |
| gnu | gnu_patch | 2.5 |
| gnu | gnu_patch | * |
| gnu | gnu_patch | 2.6 |
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | * |
| gnu | glibc | 2.5-49.el5_5.6 |
| gnu | glibc | 2.12-1.7.el6_0.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1.5 |
| gnu | mailman | 2.0.5 |
| gnu | mailman | 2.0.12 |
| gnu | mailman | 2.0.7 |
| gnu | mailman | 2.1.11 |
| gnu | mailman | * |
| gnu | mailman | 2.1.2 |
| gnu | mailman | 2.1.8 |
| gnu | mailman | 2.1b1 |
| gnu | mailman | 2.1.6 |
| gnu | mailman | 2.1.10 |
| gnu | mailman | 2.0.1 |
| gnu | mailman | 2.0.8 |
| gnu | mailman | 1.0 |
| gnu | mailman | 2.1.5.8 |
| gnu | mailman | 2.1 |
| gnu | mailman | 1.1 |
| gnu | mailman | 2.0.9 |
| gnu | mailman | 2.0.13 |
| gnu | mailman | 2.0.2 |
| gnu | mailman | 2.0.10 |
| gnu | mailman | 2.0.14 |
| gnu | mailman | 2.1.14 |
| gnu | mailman | 2.0.3 |
| gnu | mailman | 2.0.4 |
| gnu | mailman | 2.1.4 |
| gnu | mailman | 2.1.12 |
| gnu | mailman | 2.1.13 |
| gnu | mailman | 2.0 |
| gnu | mailman | 2.1.9 |
| gnu | mailman | 2.0.11 |
| gnu | mailman | 2.1.3 |
| gnu | mailman | 2.1.1 |
| gnu | mailman | 2.0.6 |
| gnu | mailman | 2.1.7 |
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | 1.07 |
| gnu | glibc | * |
| gnu | glibc | 1.05 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 1.06 |
| gnu | glibc | 2.10.2 |
| gnu | glibc | 2.4 |
| gnu | glibc | 1.09.1 |
| gnu | glibc | 1.03 |
| gnu | glibc | 1.09 |
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 1.04 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 1.08 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 1.01 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.12.0 |
| gnu | glibc | 2.1 |
| gnu | glibc | 1.02 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 1.00 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.9 |
| gnu | eglibc | * |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
CVSS 2.0
Severity: LOW
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | 1.07 |
| gnu | glibc | * |
| gnu | glibc | 1.05 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 1.06 |
| gnu | glibc | 2.10.2 |
| gnu | glibc | 2.4 |
| gnu | glibc | 1.09.1 |
| gnu | glibc | 1.03 |
| gnu | glibc | 1.09 |
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 1.04 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 1.08 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 1.01 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.12.0 |
| gnu | glibc | 2.1 |
| gnu | glibc | 1.02 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 1.00 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.9 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | 1.07 |
| gnu | glibc | * |
| gnu | glibc | 1.05 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 1.06 |
| gnu | glibc | 2.10.2 |
| gnu | glibc | 2.4 |
| gnu | glibc | 1.09.1 |
| gnu | glibc | 1.03 |
| gnu | glibc | 1.09 |
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 1.04 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 1.08 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 1.01 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.12.0 |
| gnu | glibc | 2.1 |
| gnu | glibc | 1.02 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 1.00 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.9 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | 1.07 |
| gnu | glibc | * |
| gnu | glibc | 1.05 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 1.06 |
| gnu | glibc | 2.10.2 |
| gnu | glibc | 2.4 |
| gnu | glibc | 1.09.1 |
| gnu | glibc | 1.03 |
| gnu | glibc | 1.09 |
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 1.04 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 1.08 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 1.01 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.12.0 |
| gnu | glibc | 2.1 |
| gnu | glibc | 1.02 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 1.00 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.9 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | 1.07 |
| gnu | glibc | * |
| gnu | glibc | 1.05 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 1.06 |
| gnu | glibc | 2.10.2 |
| gnu | glibc | 2.4 |
| gnu | glibc | 1.09.1 |
| gnu | glibc | 1.03 |
| gnu | glibc | 1.09 |
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 1.04 |
| gnu | glibc | 2.3.10 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 1.08 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 1.01 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.12.0 |
| gnu | glibc | 2.1 |
| gnu | glibc | 1.02 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 1.00 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.1.3.10 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.9 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.3.1 |
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.12 |
| gnu | eglibc | * |
| gnu | glibc | * |
| gnu | glibc | 2.12.1 |
phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | phpbook | 2.1.0 |
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 2.12.11 |
| gnu | gnutls | 3.0.4 |
| gnu | gnutls | 2.12.0 |
| gnu | gnutls | 2.12.2 |
| gnu | gnutls | 2.12.3 |
| gnu | gnutls | 2.12.4 |
| gnu | gnutls | 2.12.7 |
| gnu | gnutls | 2.12.9 |
| gnu | gnutls | 2.12.10 |
| gnu | gnutls | 3.0.5 |
| gnu | gnutls | 2.12.8 |
| gnu | gnutls | 3.0.0 |
| gnu | gnutls | 3.0.1 |
| gnu | gnutls | 2.12.6 |
| gnu | gnutls | 3.0.6 |
| gnu | gnutls | 2.12.5 |
| gnu | gnutls | 2.12.1 |
| gnu | gnutls | 2.12.6.1 |
| gnu | gnutls | 2.12.13 |
| gnu | gnutls | 3.0.3 |
| gnu | gnutls | 2.12.12 |
| gnu | gnutls | 3.0.2 |
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnash | 0.8.5 |
| gnu | gnash | 0.8.9 |
| gnu | gnash | * |
| gnu | gnash | 0.8.7 |
| gnu | gnash | 0.8.8 |
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gdb | 6.1 |
| gnu | gdb | 6.3 |
| gnu | gdb | 6.2 |
| gnu | gdb | 5.0.93 |
| gnu | gdb | 6.7.1 |
| gnu | gdb | 5.1 |
| gnu | gdb | 5.1.1 |
| gnu | gdb | 6.2.1 |
| gnu | gdb | 6.8 |
| gnu | gdb | 6.1.1 |
| gnu | gdb | 7.0 |
| gnu | gdb | 5.0.92 |
| gnu | gdb | 6.0 |
| gnu | gdb | 6.6 |
| gnu | gdb | 7.4 |
| gnu | gdb | 6.7 |
| gnu | gdb | 7.0.1 |
| gnu | gdb | 5.2 |
| gnu | gdb | 7.2 |
| gnu | gdb | 6.4 |
| gnu | gdb | 4.18 |
| gnu | gdb | 6.5 |
| gnu | gdb | 7.1 |
| gnu | gdb | 5.0 |
| gnu | gdb | 7.3.1 |
| gnu | gdb | 5.3 |
| gnu | gdb | * |
| gnu | gdb | 7.3 |
| gnu | gdb | 5.2.1 |
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.4 |
| suse | linux_enterprise_desktop | 10 |
| suse | linux_enterprise_desktop | 11 |
| suse | linux_enterprise_server | 9 |
| fedoraproject | fedora | 15 |
| fedoraproject | fedora | 16 |
| debian | debian_linux | 7.0 |
| suse | linux_enterprise_software_development_kit | 10 |
| mit | krb5-appl | * |
| freebsd | freebsd | * |
| suse | linux_enterprise_software_development_kit | 11 |
| debian | debian_linux | 5.0 |
| suse | linux_enterprise_server | 10 |
| opensuse | opensuse | 11.3 |
| gnu | inetutils | * |
| suse | linux_enterprise_server | 11 |
| heimdal_project | heimdal | * |
| debian | debian_linux | 6.0 |
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1 |
| gnu | mailman | 2.1.11 |
| gnu | mailman | 2.0.13 |
| gnu | mailman | 2.1.2 |
| gnu | mailman | 2.1.8 |
| gnu | mailman | 2.1.6 |
| gnu | mailman | 2.1.4 |
| gnu | mailman | 2.1.10 |
| gnu | mailman | 2.1.12 |
| gnu | mailman | 2.1.9 |
| gnu | mailman | 2.1.3 |
| gnu | mailman | 2.1.1 |
| gnu | mailman | 2.1.7 |
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 20.1 |
| gnu | emacs | 20.3 |
| gnu | emacs | 20.5 |
| eric_m_ludlam | cedet | * |
| gnu | emacs | 23.1 |
| gnu | emacs | 20.6 |
| gnu | emacs | * |
| gnu | emacs | 20.4 |
| gnu | emacs | 23.4 |
| gnu | emacs | 22.3 |
| gnu | emacs | 21 |
| gnu | emacs | 21.1 |
| gnu | emacs | 21.2 |
| gnu | emacs | 22.2 |
| gnu | emacs | 22.1 |
| gnu | emacs | 21.2.1 |
| gnu | emacs | 21.3.1 |
| gnu | emacs | 20.0 |
| gnu | emacs | 20.7 |
| gnu | emacs | 21.3 |
| gnu | emacs | 20.2 |
| gnu | emacs | 23.2 |
| eric_m_ludlam | cedet | 1.0 |
| gnu | emacs | 21.4 |
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 2.12.0 |
| gnu | gnutls | 2.12.2 |
| gnu | gnutls | 2.12.7 |
| gnu | gnutls | 2.6.4 |
| gnu | gnutls | 2.10.5 |
| gnu | gnutls | 2.2.4 |
| gnu | gnutls | 3.0.5 |
| gnu | gnutls | 2.8.2 |
| gnu | gnutls | 2.6.6 |
| gnu | gnutls | 2.12.6 |
| gnu | gnutls | 2.10.5-x86 |
| gnu | gnutls | 2.8.5 |
| gnu | gnutls | 2.12.13 |
| gnu | gnutls | 3.0.8 |
| gnu | gnutls | 2.4.1 |
| gnu | gnutls | 2.10.1-x86 |
| gnu | gnutls | 3.0.9 |
| gnu | gnutls | 2.10.2 |
| gnu | gnutls | 3.0.4 |
| gnu | gnutls | 2.12.3 |
| gnu | gnutls | 2.12.4 |
| gnu | gnutls | 2.12.8 |
| gnu | gnutls | 3.0.7 |
| gnu | gnutls | 2.6.1 |
| gnu | gnutls | 2.12.6.1 |
| gnu | gnutls | 2.12.11 |
| gnu | gnutls | 2.4.3 |
| gnu | gnutls | 2.8.0 |
| gnu | gnutls | 2.12.10 |
| gnu | gnutls | * |
| gnu | gnutls | 3.0.6 |
| gnu | gnutls | 2.8.3 |
| gnu | gnutls | 2.12.5 |
| gnu | gnutls | 2.12.1 |
| gnu | gnutls | 2.10.4 |
| gnu | gnutls | 2.4.2 |
| gnu | gnutls | 3.0.2 |
| gnu | gnutls | 2.10.1 |
| gnu | gnutls | 2.4.0 |
| gnu | gnutls | 2.6.0 |
| gnu | gnutls | 2.8.6 |
| gnu | gnutls | 2.12.9 |
| gnu | gnutls | 2.6.5 |
| gnu | gnutls | 2.8.4 |
| gnu | gnutls | 2.10.0 |
| gnu | gnutls | 2.10.3 |
| gnu | gnutls | 3.0.0 |
| gnu | gnutls | 3.0.1 |
| gnu | gnutls | 2.6.3 |
| gnu | gnutls | 2.10.2-x86 |
| gnu | gnutls | 2.12.14 |
| gnu | gnutls | 2.2.5 |
| gnu | gnutls | 2.6.2 |
| gnu | gnutls | 3.0.3 |
| gnu | gnutls | 2.8.1 |
| gnu | gnutls | 2.12.12 |
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.14 |
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 2.3.4 |
| gnu | libtasn1 | 2.10 |
| gnu | gnutls | 1.1.21 |
| gnu | libtasn1 | 0.3.10 |
| gnu | libtasn1 | 0.2.9 |
| gnu | gnutls | 2.10.5 |
| gnu | libtasn1 | 2.0 |
| gnu | gnutls | 1.1.17 |
| gnu | gnutls | 1.1.19 |
| gnu | gnutls | 1.0.22 |
| gnu | gnutls | 1.7.12 |
| gnu | libtasn1 | 2.8 |
| gnu | gnutls | 2.3.9 |
| gnu | gnutls | 2.4.1 |
| gnu | libtasn1 | 0.2.0 |
| gnu | gnutls | 2.3.1 |
| gnu | gnutls | 2.10.2 |
| gnu | gnutls | 2.1.2 |
| gnu | gnutls | 3.0.4 |
| gnu | gnutls | 2.3.3 |
| gnu | libtasn1 | 2.4 |
| gnu | libtasn1 | 0.2.5 |
| gnu | libtasn1 | 2.3 |
| gnu | gnutls | 1.1.13 |
| gnu | gnutls | 3.0 |
| gnu | libtasn1 | 1.1 |
| gnu | libtasn1 | 0.3.9 |
| gnu | gnutls | 1.4.0 |
| gnu | gnutls | 2.1.8 |
| gnu | gnutls | 2.4.3 |
| gnu | libtasn1 | 0.2.2 |
| gnu | gnutls | 1.6.1 |
| gnu | libtasn1 | * |
| gnu | gnutls | 2.1.4 |
| gnu | gnutls | 1.0.21 |
| gnu | gnutls | 1.1.20 |
| gnu | gnutls | 2.7.4 |
| gnu | gnutls | 2.2.3 |
| gnu | gnutls | 2.0.4 |
| gnu | libtasn1 | 0.1.0 |
| gnu | gnutls | 2.12.5 |
| gnu | libtasn1 | 0.1.1 |
| gnu | gnutls | 1.2.4 |
| gnu | gnutls | 1.4.3 |
| gnu | libtasn1 | 1.8 |
| gnu | gnutls | 1.3.4 |
| gnu | gnutls | 3.0.2 |
| gnu | gnutls | 1.7.11 |
| gnu | libtasn1 | 2.6 |
| gnu | gnutls | 2.8.4 |
| gnu | gnutls | 2.10.0 |
| gnu | gnutls | 3.0.13 |
| gnu | gnutls | 1.2.7 |
| gnu | gnutls | 3.0.1 |
| gnu | gnutls | 1.2.8 |
| gnu | gnutls | 2.3.11 |
| gnu | gnutls | 2.3.7 |
| gnu | gnutls | 2.6.3 |
| gnu | gnutls | 1.0.23 |
| gnu | gnutls | 2.12.14 |
| gnu | gnutls | 1.7.0 |
| gnu | gnutls | 1.7.8 |
| gnu | gnutls | 1.7.1 |
| gnu | gnutls | 2.12.12 |
| gnu | gnutls | 3.0.14 |
| gnu | gnutls | 1.7.15 |
| gnu | gnutls | 1.3.3 |
| gnu | gnutls | 1.3.5 |
| gnu | gnutls | 2.12.0 |
| gnu | gnutls | 1.2.9 |
| gnu | libtasn1 | 1.5 |
| gnu | gnutls | 2.6.4 |
| gnu | libtasn1 | 0.2.3 |
| gnu | gnutls | 1.5.4 |
| gnu | gnutls | 1.2.6 |
| gnu | gnutls | 2.6.6 |
| gnu | gnutls | 2.12.6 |
| gnu | gnutls | 2.1.7 |
| gnu | gnutls | 1.2.5 |
| gnu | gnutls | 3.0.8 |
| gnu | gnutls | 3.0.9 |
| gnu | gnutls | 1.7.7 |
| gnu | libtasn1 | 0.3.2 |
| gnu | gnutls | 2.3.10 |
| gnu | gnutls | 1.0.17 |
| gnu | gnutls | 1.7.2 |
| gnu | gnutls | 2.6.1 |
| gnu | gnutls | 2.1.1 |
| gnu | gnutls | 1.0.19 |
| gnu | gnutls | 2.12.11 |
| gnu | gnutls | 1.2.10 |
| gnu | gnutls | 2.8.0 |
| gnu | libtasn1 | 0.2.16 |
| gnu | gnutls | 1.4.1 |
| gnu | gnutls | 1.0.25 |
| gnu | libtasn1 | 0.2.15 |
| gnu | libtasn1 | 1.7 |
| gnu | gnutls | 1.7.18 |
| gnu | gnutls | 2.12.10 |
| gnu | libtasn1 | 0.2.17 |
| gnu | libtasn1 | 0.2.8 |
| gnu | gnutls | 2.1.0 |
| gnu | libtasn1 | 2.2 |
| gnu | libtasn1 | 0.2.18 |
| gnu | gnutls | 2.3.8 |
| gnu | gnutls | 1.5.0 |
| gnu | gnutls | 1.7.16 |
| gnu | gnutls | 2.4.0 |
| gnu | gnutls | 2.6.0 |
| gnu | libtasn1 | 2.5 |
| gnu | gnutls | 2.8.6 |
| gnu | gnutls | 2.10.3 |
| gnu | libtasn1 | 2.1 |
| gnu | gnutls | 3.0.0 |
| gnu | gnutls | 2.2.5 |
| gnu | gnutls | 2.6.2 |
| gnu | gnutls | 1.6.2 |
| gnu | gnutls | 1.7.5 |
| gnu | gnutls | 3.0.3 |
| gnu | gnutls | 2.1.5 |
| gnu | libtasn1 | 0.2.10 |
| gnu | gnutls | 2.12.2 |
| gnu | libtasn1 | 0.3.4 |
| gnu | gnutls | 2.2.4 |
| gnu | gnutls | 3.0.5 |
| gnu | gnutls | 1.2.8.1a1 |
| gnu | gnutls | 1.7.10 |
| gnu | gnutls | 1.4.2 |
| gnu | gnutls | 2.12.13 |
| gnu | gnutls | 1.1.14 |
| gnu | gnutls | 1.0.18 |
| gnu | libtasn1 | 2.7 |
| gnu | gnutls | 2.0.1 |
| gnu | gnutls | 1.6.0 |
| gnu | gnutls | 1.5.3 |
| gnu | libtasn1 | 1.6 |
| gnu | gnutls | 3.0.7 |
| gnu | gnutls | 1.7.9 |
| gnu | gnutls | 1.7.3 |
| gnu | gnutls | 2.12.6.1 |
| gnu | gnutls | 1.1.16 |
| gnu | gnutls | 1.1.15 |
| gnu | gnutls | 1.3.2 |
| gnu | gnutls | 1.2.2 |
| gnu | libtasn1 | 0.2.13 |
| gnu | gnutls | 1.2.0 |
| gnu | gnutls | 2.3.2 |
| gnu | gnutls | 1.1.23 |
| gnu | gnutls | * |
| gnu | gnutls | 1.2.1 |
| gnu | gnutls | 2.8.3 |
| gnu | gnutls | 2.12.1 |
| gnu | gnutls | 2.3.0 |
| gnu | gnutls | 3.0.10 |
| gnu | libtasn1 | 1.2 |
| gnu | libtasn1 | 0.3.8 |
| gnu | libtasn1 | 0.2.11 |
| gnu | gnutls | 2.2.1 |
| gnu | gnutls | 2.12.9 |
| gnu | gnutls | 2.6.5 |
| gnu | gnutls | 2.3.5 |
| gnu | gnutls | 1.0.20 |
| gnu | gnutls | 1.3.1 |
| gnu | gnutls | 2.1.6 |
| gnu | gnutls | 1.5.5 |
| gnu | gnutls | 2.1.3 |
| gnu | gnutls | 1.6.3 |
| gnu | libtasn1 | 0.3.0 |
| gnu | gnutls | 1.4.5 |
| gnu | gnutls | 3.0.11 |
| gnu | libtasn1 | 1.3 |
| gnu | libtasn1 | 1.0 |
| gnu | libtasn1 | 0.2.7 |
| gnu | gnutls | 2.12.7 |
| gnu | gnutls | 1.0.24 |
| gnu | gnutls | 2.8.2 |
| gnu | libtasn1 | 0.3.6 |
| gnu | libtasn1 | 0.3.3 |
| gnu | gnutls | 2.0.3 |
| gnu | gnutls | 1.7.4 |
| gnu | gnutls | 2.2.2 |
| gnu | gnutls | 2.8.5 |
| gnu | libtasn1 | 2.9 |
| gnu | gnutls | 1.7.6 |
| gnu | gnutls | 1.7.17 |
| gnu | gnutls | 1.4.4 |
| gnu | gnutls | 2.12.3 |
| gnu | gnutls | 2.12.4 |
| gnu | gnutls | 1.7.13 |
| gnu | gnutls | 2.12.8 |
| gnu | gnutls | 2.0.2 |
| gnu | gnutls | 1.1.18 |
| gnu | gnutls | 2.0.0 |
| gnu | gnutls | 2.2.0 |
| gnu | gnutls | 2.3.6 |
| gnu | libtasn1 | 0.3.7 |
| gnu | libtasn1 | 0.2.12 |
| gnu | gnutls | 1.1.22 |
| gnu | libtasn1 | 0.3.5 |
| gnu | gnutls | 1.5.1 |
| gnu | gnutls | 1.2.3 |
| gnu | gnutls | 3.0.12 |
| gnu | gnutls | 1.7.14 |
| gnu | libtasn1 | 1.4 |
| gnu | libtasn1 | 0.2.6 |
| gnu | gnutls | 1.2.11 |
| gnu | gnutls | 3.0.6 |
| gnu | gnutls | 2.10.4 |
| gnu | gnutls | 2.4.2 |
| gnu | gnutls | 2.10.1 |
| gnu | libtasn1 | 0.2.4 |
| gnu | libtasn1 | 0.3.1 |
| gnu | gnutls | 1.7.19 |
| gnu | gnutls | 1.0.16 |
| gnu | gnutls | 2.8.1 |
| gnu | libtasn1 | 0.2.1 |
| gnu | gnutls | 1.3.0 |
| gnu | gnutls | 1.5.2 |
| gnu | libtasn1 | 0.1.2 |
| gnu | gnutls | 2.5.0 |
| gnu | libtasn1 | 0.2.14 |
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 2.12.15 |
| gnu | gnutls | 3.0.11 |
| gnu | gnutls | 2.3.4 |
| gnu | gnutls | 2.12.0 |
| gnu | gnutls | 2.12.2 |
| gnu | gnutls | 2.12.7 |
| gnu | gnutls | 2.6.4 |
| gnu | gnutls | 2.10.5 |
| gnu | gnutls | 2.2.4 |
| gnu | gnutls | 3.0.5 |
| gnu | gnutls | 2.8.2 |
| gnu | gnutls | 2.6.6 |
| gnu | gnutls | 2.0.3 |
| gnu | gnutls | 2.12.6 |
| gnu | gnutls | 2.2.2 |
| gnu | gnutls | 2.1.7 |
| gnu | gnutls | 2.8.5 |
| gnu | gnutls | 2.12.13 |
| gnu | gnutls | 3.0.8 |
| gnu | gnutls | 2.3.9 |
| gnu | gnutls | 2.4.1 |
| gnu | gnutls | 3.0.9 |
| gnu | gnutls | 2.3.1 |
| gnu | gnutls | 2.10.2 |
| gnu | gnutls | 2.1.2 |
| gnu | gnutls | 3.0.4 |
| gnu | gnutls | 2.12.3 |
| gnu | gnutls | 2.12.4 |
| gnu | gnutls | 2.3.3 |
| gnu | gnutls | 2.0.1 |
| gnu | gnutls | 2.12.8 |
| gnu | gnutls | 2.3.10 |
| gnu | gnutls | 3.0.7 |
| gnu | gnutls | 3.0 |
| gnu | gnutls | 2.0.2 |
| gnu | gnutls | 2.6.1 |
| gnu | gnutls | 2.0.0 |
| gnu | gnutls | 2.12.6.1 |
| gnu | gnutls | 2.2.0 |
| gnu | gnutls | 2.1.1 |
| gnu | gnutls | 2.3.6 |
| gnu | gnutls | 2.12.11 |
| gnu | gnutls | 2.1.8 |
| gnu | gnutls | 2.4.3 |
| gnu | gnutls | 2.8.0 |
| gnu | gnutls | 3.0.12 |
| gnu | gnutls | 2.1.4 |
| gnu | gnutls | 2.3.2 |
| gnu | gnutls | 2.12.10 |
| gnu | gnutls | 2.7.4 |
| gnu | gnutls | 2.2.3 |
| gnu | gnutls | 2.0.4 |
| gnu | gnutls | * |
| gnu | gnutls | 2.1.0 |
| gnu | gnutls | 3.0.6 |
| gnu | gnutls | 2.8.3 |
| gnu | gnutls | 2.12.5 |
| gnu | gnutls | 2.12.1 |
| gnu | gnutls | 2.3.0 |
| gnu | gnutls | 3.0.10 |
| gnu | gnutls | 2.10.4 |
| gnu | gnutls | 2.3.8 |
| gnu | gnutls | 2.4.2 |
| gnu | gnutls | 3.0.2 |
| gnu | gnutls | 2.10.1 |
| gnu | gnutls | 2.4.0 |
| gnu | gnutls | 2.6.0 |
| gnu | gnutls | 2.8.6 |
| gnu | gnutls | 2.2.1 |
| gnu | gnutls | 2.12.9 |
| gnu | gnutls | 2.6.5 |
| gnu | gnutls | 2.8.4 |
| gnu | gnutls | 2.10.0 |
| gnu | gnutls | 2.10.3 |
| gnu | gnutls | 3.0.13 |
| gnu | gnutls | 2.3.5 |
| gnu | gnutls | 3.0.0 |
| gnu | gnutls | 3.0.1 |
| gnu | gnutls | 2.3.11 |
| gnu | gnutls | 2.3.7 |
| gnu | gnutls | 2.6.3 |
| gnu | gnutls | 2.1.6 |
| gnu | gnutls | 2.12.14 |
| gnu | gnutls | 2.2.5 |
| gnu | gnutls | 2.6.2 |
| gnu | gnutls | 3.0.3 |
| gnu | gnutls | 2.8.1 |
| gnu | gnutls | 2.1.3 |
| gnu | gnutls | 2.12.12 |
| gnu | gnutls | 3.0.14 |
| gnu | gnutls | 2.1.5 |
| gnu | gnutls | 2.5.0 |
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 2.3.4 |
| gnu | gnutls | 1.1.21 |
| gnu | gnutls | 2.12.2 |
| gnu | gnutls | 2.10.5 |
| gnu | gnutls | 2.2.4 |
| gnu | gnutls | 3.0.5 |
| gnu | gnutls | 1.2.8.1a1 |
| gnu | gnutls | 1.1.17 |
| gnu | gnutls | 1.7.10 |
| gnu | gnutls | 1.1.19 |
| gnu | gnutls | 1.0.22 |
| gnu | gnutls | 1.4.2 |
| gnu | gnutls | 1.7.12 |
| gnu | gnutls | 2.12.13 |
| gnu | gnutls | 2.3.9 |
| gnu | gnutls | 2.4.1 |
| gnu | gnutls | 2.3.1 |
| gnu | gnutls | 1.1.14 |
| gnu | gnutls | 2.10.2 |
| gnu | gnutls | 1.0.18 |
| gnu | gnutls | 2.1.2 |
| gnu | gnutls | 3.0.4 |
| gnu | gnutls | 2.3.3 |
| gnu | gnutls | 2.0.1 |
| gnu | gnutls | 1.6.0 |
| gnu | gnutls | 1.5.3 |
| gnu | gnutls | 1.1.13 |
| gnu | gnutls | 3.0.7 |
| gnu | gnutls | 3.0 |
| gnu | gnutls | 1.4.0 |
| gnu | gnutls | 1.7.9 |
| gnu | gnutls | 1.7.3 |
| gnu | gnutls | 2.12.6.1 |
| gnu | gnutls | 1.1.16 |
| gnu | gnutls | 2.1.8 |
| gnu | gnutls | 2.4.3 |
| gnu | gnutls | 1.1.15 |
| gnu | gnutls | 1.3.2 |
| gnu | gnutls | 1.2.2 |
| gnu | gnutls | 1.6.1 |
| gnu | gnutls | 1.2.0 |
| gnu | gnutls | 2.1.4 |
| gnu | gnutls | 2.3.2 |
| gnu | gnutls | 1.0.21 |
| gnu | gnutls | 1.1.20 |
| gnu | gnutls | 1.1.23 |
| gnu | gnutls | 2.7.4 |
| gnu | gnutls | 2.2.3 |
| gnu | gnutls | 2.0.4 |
| gnu | gnutls | * |
| gnu | gnutls | 1.2.1 |
| gnu | gnutls | 2.8.3 |
| gnu | gnutls | 2.12.5 |
| gnu | gnutls | 2.12.1 |
| gnu | gnutls | 2.3.0 |
| gnu | gnutls | 1.2.4 |
| gnu | gnutls | 3.0.10 |
| gnu | gnutls | 1.4.3 |
| gnu | gnutls | 1.3.4 |
| gnu | gnutls | 3.0.2 |
| gnu | gnutls | 1.7.11 |
| gnu | gnutls | 2.2.1 |
| gnu | gnutls | 2.12.9 |
| gnu | gnutls | 2.6.5 |
| gnu | gnutls | 2.8.4 |
| gnu | gnutls | 2.10.0 |
| gnu | gnutls | 1.2.7 |
| gnu | gnutls | 2.3.5 |
| gnu | gnutls | 1.0.20 |
| gnu | gnutls | 3.0.1 |
| gnu | gnutls | 1.2.8 |
| gnu | gnutls | 2.3.11 |
| gnu | gnutls | 2.3.7 |
| gnu | gnutls | 2.6.3 |
| gnu | gnutls | 1.0.23 |
| gnu | gnutls | 1.3.1 |
| gnu | gnutls | 2.1.6 |
| gnu | gnutls | 2.12.14 |
| gnu | gnutls | 1.5.5 |
| gnu | gnutls | 1.7.0 |
| gnu | gnutls | 1.7.8 |
| gnu | gnutls | 2.1.3 |
| gnu | gnutls | 1.7.1 |
| gnu | gnutls | 2.12.12 |
| gnu | gnutls | 1.6.3 |
| gnu | gnutls | 1.4.5 |
| gnu | gnutls | 1.7.15 |
| gnu | gnutls | 1.3.3 |
| gnu | gnutls | 3.0.11 |
| gnu | gnutls | 1.3.5 |
| gnu | gnutls | 2.12.0 |
| gnu | gnutls | 1.2.9 |
| gnu | gnutls | 2.12.7 |
| gnu | gnutls | 1.0.24 |
| gnu | gnutls | 2.6.4 |
| gnu | gnutls | 1.5.4 |
| gnu | gnutls | 2.8.2 |
| gnu | gnutls | 1.2.6 |
| gnu | gnutls | 2.6.6 |
| gnu | gnutls | 2.0.3 |
| gnu | gnutls | 2.12.6 |
| gnu | gnutls | 1.7.4 |
| gnu | gnutls | 2.2.2 |
| gnu | gnutls | 2.1.7 |
| gnu | gnutls | 2.8.5 |
| gnu | gnutls | 1.2.5 |
| gnu | gnutls | 3.0.8 |
| gnu | gnutls | 1.7.6 |
| gnu | gnutls | 3.0.9 |
| gnu | gnutls | 1.7.7 |
| gnu | gnutls | 1.7.17 |
| gnu | gnutls | 1.4.4 |
| gnu | gnutls | 2.12.3 |
| gnu | gnutls | 2.12.4 |
| gnu | gnutls | 1.7.13 |
| gnu | gnutls | 2.12.8 |
| gnu | gnutls | 2.3.10 |
| gnu | gnutls | 2.0.2 |
| gnu | gnutls | 1.0.17 |
| gnu | gnutls | 1.7.2 |
| gnu | gnutls | 2.6.1 |
| gnu | gnutls | 1.1.18 |
| gnu | gnutls | 2.0.0 |
| gnu | gnutls | 2.2.0 |
| gnu | gnutls | 2.1.1 |
| gnu | gnutls | 2.3.6 |
| gnu | gnutls | 1.0.19 |
| gnu | gnutls | 1.1.22 |
| gnu | gnutls | 2.12.11 |
| gnu | gnutls | 1.2.10 |
| gnu | gnutls | 2.8.0 |
| gnu | gnutls | 1.4.1 |
| gnu | gnutls | 1.5.1 |
| gnu | gnutls | 1.0.25 |
| gnu | gnutls | 1.2.3 |
| gnu | gnutls | 3.0.12 |
| gnu | gnutls | 1.7.14 |
| gnu | gnutls | 1.7.18 |
| gnu | gnutls | 2.12.10 |
| gnu | gnutls | 1.2.11 |
| gnu | gnutls | 2.1.0 |
| gnu | gnutls | 3.0.6 |
| gnu | gnutls | 2.10.4 |
| gnu | gnutls | 2.3.8 |
| gnu | gnutls | 2.4.2 |
| gnu | gnutls | 1.5.0 |
| gnu | gnutls | 1.7.16 |
| gnu | gnutls | 2.10.1 |
| gnu | gnutls | 2.4.0 |
| gnu | gnutls | 2.6.0 |
| gnu | gnutls | 2.8.6 |
| gnu | gnutls | 2.10.3 |
| gnu | gnutls | 3.0.0 |
| gnu | gnutls | 1.7.19 |
| gnu | gnutls | 2.2.5 |
| gnu | gnutls | 2.6.2 |
| gnu | gnutls | 1.0.16 |
| gnu | gnutls | 1.6.2 |
| gnu | gnutls | 1.7.5 |
| gnu | gnutls | 3.0.3 |
| gnu | gnutls | 2.8.1 |
| gnu | gnutls | 1.3.0 |
| gnu | gnutls | 1.5.2 |
| gnu | gnutls | 2.1.5 |
| gnu | gnutls | 2.5.0 |
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | automake | 1.6 |
| gnu | automake | 1.9.4 |
| gnu | automake | 1.3 |
| gnu | automake | 1.11.2 |
| gnu | automake | 1.11.3 |
| gnu | automake | 1.6.1 |
| gnu | automake | 1.7.2 |
| gnu | automake | 1.7.9 |
| gnu | automake | 1.7.1 |
| gnu | automake | 1.7.4 |
| gnu | automake | 1.7 |
| gnu | automake | 1.7.7 |
| gnu | automake | 1.0 |
| gnu | automake | 1.9.3 |
| gnu | automake | 1.7.3 |
| gnu | automake | 1.8.2 |
| gnu | automake | 1.9.5 |
| gnu | automake | 1.6.3 |
| gnu | automake | 1.9.6 |
| gnu | automake | 1.11.4 |
| gnu | automake | 1.4 |
| gnu | automake | 1.12.1 |
| gnu | automake | 1.8.4 |
| gnu | automake | 1.9 |
| gnu | automake | 1.10.1 |
| gnu | automake | 1.10.3 |
| gnu | automake | 1.8 |
| gnu | automake | 1.7.8 |
| gnu | automake | 1.8.1 |
| gnu | automake | 1.12 |
| gnu | automake | 1.9.2 |
| gnu | automake | 1.9.1 |
| gnu | automake | * |
| gnu | automake | 1.6.2 |
| gnu | automake | 1.10 |
| gnu | automake | 1.8.3 |
| gnu | automake | 1.8.5 |
| gnu | automake | 1.10.2 |
| gnu | automake | 1.10.0.3 |
| gnu | automake | 1.2 |
| gnu | automake | 1.7.6 |
| gnu | automake | 1.5 |
| gnu | automake | 1.11.1 |
| gnu | automake | 1.7.5 |
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.16 |
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libiberty | - |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| debian | debian_linux | 7.0 |
| gnu | binutils | * |
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grep | * |
| gnu | grep | 2.3 |
| gnu | grep | 2.6.1 |
| gnu | grep | 2.4 |
| gnu | grep | 2.5.3 |
| gnu | grep | 2.9 |
| gnu | grep | 2.6.3 |
| gnu | grep | 2.6.2 |
| gnu | grep | 2.2 |
| gnu | grep | 2.5 |
| gnu | grep | 2.7 |
| gnu | grep | 2.4.1 |
| gnu | grep | 2.4.2 |
| gnu | grep | 2.6 |
| gnu | grep | 2.5.1 |
| gnu | grep | 2.8 |
| gnu | grep | 2.5.4 |
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| debian | debian_linux | 7.0 |
| gnu | glibc | * |
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | bash | * |
| redhat | enterprise_linux | 7.0 |
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.17 |
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 2.12.15 |
| gnu | gnutls | 2.3.4 |
| gnu | gnutls | 2.12.2 |
| gnu | gnutls | 3.1.1 |
| gnu | gnutls | 2.10.5 |
| gnu | gnutls | 2.2.4 |
| gnu | gnutls | 3.0.5 |
| gnu | gnutls | 3.0.18 |
| gnu | gnutls | 3.0.21 |
| gnu | gnutls | 2.12.13 |
| gnu | gnutls | 2.3.9 |
| gnu | gnutls | 2.4.1 |
| gnu | gnutls | 3.0.17 |
| gnu | gnutls | 2.3.1 |
| gnu | gnutls | 2.10.2 |
| gnu | gnutls | 2.1.2 |
| gnu | gnutls | 3.0.4 |
| gnu | gnutls | 2.3.3 |
| gnu | gnutls | 2.0.1 |
| gnu | gnutls | 3.0.7 |
| gnu | gnutls | 3.0 |
| gnu | gnutls | 2.12.6.1 |
| gnu | gnutls | 2.12.22 |
| gnu | gnutls | 2.12.19 |
| gnu | gnutls | 3.0.24 |
| gnu | gnutls | 2.1.8 |
| gnu | gnutls | 2.4.3 |
| gnu | gnutls | 2.1.4 |
| gnu | gnutls | 2.3.2 |
| gnu | gnutls | 3.1.5 |
| gnu | gnutls | 2.7.4 |
| gnu | gnutls | 2.2.3 |
| gnu | gnutls | 2.0.4 |
| gnu | gnutls | 3.0.22 |
| gnu | gnutls | 2.8.3 |
| gnu | gnutls | 2.12.5 |
| gnu | gnutls | 2.12.1 |
| gnu | gnutls | 2.3.0 |
| gnu | gnutls | 3.0.10 |
| gnu | gnutls | 3.0.2 |
| gnu | gnutls | 3.1.2 |
| gnu | gnutls | 3.1.0 |
| gnu | gnutls | 3.0.23 |
| gnu | gnutls | 2.2.1 |
| gnu | gnutls | 2.12.9 |
| gnu | gnutls | 2.6.5 |
| gnu | gnutls | 2.8.4 |
| gnu | gnutls | 2.10.0 |
| gnu | gnutls | 3.0.13 |
| gnu | gnutls | 2.3.5 |
| gnu | gnutls | 3.0.1 |
| gnu | gnutls | 3.1.3 |
| gnu | gnutls | 3.1.6 |
| gnu | gnutls | 2.3.11 |
| gnu | gnutls | 2.3.7 |
| gnu | gnutls | 2.6.3 |
| gnu | gnutls | 2.1.6 |
| gnu | gnutls | 2.12.14 |
| gnu | gnutls | 2.1.3 |
| gnu | gnutls | 2.12.12 |
| gnu | gnutls | 3.1.4 |
| gnu | gnutls | 3.0.14 |
| gnu | gnutls | 3.0.11 |
| gnu | gnutls | 2.12.0 |
| gnu | gnutls | 2.12.7 |
| gnu | gnutls | 3.0.19 |
| gnu | gnutls | 2.6.4 |
| gnu | gnutls | 2.8.2 |
| gnu | gnutls | 3.0.25 |
| gnu | gnutls | 2.6.6 |
| gnu | gnutls | 2.0.3 |
| gnu | gnutls | 2.12.6 |
| gnu | gnutls | 2.2.2 |
| gnu | gnutls | 2.1.7 |
| gnu | gnutls | 2.8.5 |
| gnu | gnutls | 3.0.26 |
| gnu | gnutls | 3.0.8 |
| gnu | gnutls | 3.0.9 |
| gnu | gnutls | 2.12.16 |
| gnu | gnutls | 2.12.3 |
| gnu | gnutls | 2.12.4 |
| gnu | gnutls | 2.12.18 |
| gnu | gnutls | 2.12.21 |
| gnu | gnutls | 3.0.20 |
| gnu | gnutls | 2.12.8 |
| gnu | gnutls | 2.3.10 |
| gnu | gnutls | 3.0.16 |
| gnu | gnutls | 2.0.2 |
| gnu | gnutls | 2.6.1 |
| gnu | gnutls | 2.0.0 |
| gnu | gnutls | 2.12.20 |
| gnu | gnutls | 2.2.0 |
| gnu | gnutls | 3.0.27 |
| gnu | gnutls | 2.1.1 |
| gnu | gnutls | 2.3.6 |
| gnu | gnutls | 2.12.11 |
| gnu | gnutls | 2.12.17 |
| gnu | gnutls | 2.8.0 |
| gnu | gnutls | 3.0.12 |
| gnu | gnutls | 2.12.10 |
| gnu | gnutls | 3.0.15 |
| gnu | gnutls | 2.1.0 |
| gnu | gnutls | 3.0.6 |
| gnu | gnutls | 2.10.4 |
| gnu | gnutls | 2.3.8 |
| gnu | gnutls | 2.4.2 |
| gnu | gnutls | 2.10.1 |
| gnu | gnutls | 2.4.0 |
| gnu | gnutls | 2.6.0 |
| gnu | gnutls | 2.8.6 |
| gnu | gnutls | 2.10.3 |
| gnu | gnutls | 3.0.0 |
| gnu | gnutls | 2.2.5 |
| gnu | gnutls | 2.6.2 |
| gnu | gnutls | 3.0.3 |
| gnu | gnutls | 2.8.1 |
| gnu | gnutls | 2.1.5 |
| gnu | gnutls | 2.5.0 |
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.7 |
| gnu | glibc | 2.8 |
| gnu | glibc | 2.2.1 |
| gnu | glibc | 2.14 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | * |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.6 |
| gnu | glibc | 2.16 |
| gnu | glibc | 2.2 |
| gnu | glibc | 2.2.4 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.5.1 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.3 |
| gnu | glibc | 2.13 |
| gnu | glibc | 2.14.1 |
| gnu | glibc | 2.3.3 |
| gnu | glibc | 2.3.6 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.3.4 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.6.1 |
| gnu | glibc | 2.2.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.15 |
| gnu | glibc | 2.5 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.2.5 |
| gnu | glibc | 2.3.5 |
| gnu | glibc | 2.4 |
| gnu | glibc | 2.9 |
| gnu | glibc | 2.3.1 |
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 2.12.23 |
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.14 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.16 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.13 |
| gnu | glibc | 2.14.1 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.12.1 |
| fedoraproject | fedora | 18 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.15 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.0.5 |
| fedoraproject | fedora | 19 |
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.17 |
| gnu | glibc | 2.14 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.16 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.13 |
| gnu | glibc | 2.14.1 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.15 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.0.5 |
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.17 |
| gnu | glibc | 2.14 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.16 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.13 |
| gnu | glibc | 2.14.1 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| redhat | enterprise_linux | 5 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.15 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.0.5 |
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.17 |
| gnu | glibc | 2.14 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.16 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.12.2 |
| suse | linux_enterprise_server | 11 |
| gnu | glibc | 2.13 |
| gnu | glibc | 2.14.1 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.15 |
| suse | linux_enterprise_debuginfo | 11 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.0.5 |
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.1.2 |
| gnu | gnutls | 3.1.0 |
| gnu | gnutls | 3.1.9 |
| gnu | gnutls | 3.1.11 |
| gnu | gnutls | 3.1.12 |
| gnu | gnutls | 3.1.1 |
| gnu | gnutls | 3.1.5 |
| gnu | gnutls | 3.1.14 |
| gnu | gnutls | 3.1.3 |
| gnu | gnutls | 3.1.6 |
| gnu | gnutls | 3.1.10 |
| gnu | gnutls | 3.1.7 |
| gnu | gnutls | 3.2.4 |
| gnu | gnutls | 3.2.1 |
| gnu | gnutls | 3.2.3 |
| gnu | gnutls | 3.2.0 |
| gnu | gnutls | 3.1.4 |
| gnu | gnutls | 3.1.8 |
| gnu | gnutls | 3.2.2 |
| gnu | gnutls | 3.1.13 |
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.1.2 |
| gnu | gnutls | 3.1.0 |
| gnu | gnutls | 3.1.9 |
| gnu | gnutls | 3.1.15 |
| gnu | gnutls | 3.1.11 |
| gnu | gnutls | 3.1.12 |
| gnu | gnutls | 3.1.1 |
| opensuse | opensuse | 13.1 |
| gnu | gnutls | 3.1.5 |
| gnu | gnutls | 3.1.14 |
| gnu | gnutls | 3.1.3 |
| gnu | gnutls | 3.1.6 |
| gnu | gnutls | 3.1.10 |
| gnu | gnutls | 3.1.7 |
| gnu | gnutls | 3.2.4 |
| gnu | gnutls | 3.2.5 |
| gnu | gnutls | 3.2.1 |
| gnu | gnutls | 3.2.3 |
| gnu | gnutls | 3.2.0 |
| gnu | gnutls | 3.1.4 |
| gnu | gnutls | 3.1.8 |
| gnu | gnutls | 3.2.2 |
| gnu | gnutls | 3.1.13 |
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub | - |
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.14 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.16 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.13 |
| gnu | glibc | 2.14.1 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.15 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.4 |
| gnu | eglibc | * |
| gnu | glibc | 2.0.5 |
GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | rush | 1.7 |
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libmicrohttpd | 0.9.26 |
| gnu | libmicrohttpd | 0.9.28 |
| gnu | libmicrohttpd | 0.9.29 |
| gnu | libmicrohttpd | 0.9.25 |
| gnu | libmicrohttpd | 0.9.30 |
| gnu | libmicrohttpd | * |
| gnu | libmicrohttpd | 0.9.24 |
| gnu | libmicrohttpd | 0.9.27 |
| gnu | libmicrohttpd | 0.9.22 |
| gnu | libmicrohttpd | 0.9.18 |
| gnu | libmicrohttpd | 0.9.23 |
| gnu | libmicrohttpd | 0.9.19 |
| gnu | libmicrohttpd | 0.9.20 |
| gnu | libmicrohttpd | 0.9.17 |
| gnu | libmicrohttpd | 0.9.21 |
| gnu | libmicrohttpd | 0.9.16 |
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libmicrohttpd | 0.9.26 |
| gnu | libmicrohttpd | 0.9.28 |
| gnu | libmicrohttpd | 0.9.29 |
| gnu | libmicrohttpd | 0.9.25 |
| gnu | libmicrohttpd | 0.9.30 |
| gnu | libmicrohttpd | * |
| gnu | libmicrohttpd | 0.9.24 |
| gnu | libmicrohttpd | 0.9.27 |
| gnu | libmicrohttpd | 0.9.22 |
| gnu | libmicrohttpd | 0.9.18 |
| gnu | libmicrohttpd | 0.9.23 |
| gnu | libmicrohttpd | 0.9.19 |
| gnu | libmicrohttpd | 0.9.20 |
| gnu | libmicrohttpd | 0.9.17 |
| gnu | libmicrohttpd | 0.9.21 |
| gnu | libmicrohttpd | 0.9.16 |
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-17,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| canonical | ubuntu_linux | 10.04 |
| redhat | enterprise_linux_server_aus | 6.5 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| opensuse | opensuse | 13.1 |
| gnu | glibc | * |
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-17,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.1.20 |
| gnu | gnutls | 3.1.15 |
| gnu | gnutls | 3.2.8 |
| gnu | gnutls | 3.2.6 |
| gnu | gnutls | 3.1.11 |
| gnu | gnutls | 3.2.8.1 |
| gnu | gnutls | 3.1.12 |
| gnu | gnutls | 3.1.1 |
| gnu | gnutls | 3.1.5 |
| gnu | gnutls | 3.1.19 |
| gnu | gnutls | 3.1.10 |
| gnu | gnutls | * |
| gnu | gnutls | 3.2.4 |
| gnu | gnutls | 3.2.5 |
| gnu | gnutls | 3.2.0 |
| gnu | gnutls | 3.2.2 |
| gnu | gnutls | 3.2.9 |
| gnu | gnutls | 3.2.7 |
| gnu | gnutls | 3.1.13 |
| gnu | gnutls | 3.1.2 |
| gnu | gnutls | 3.1.0 |
| gnu | gnutls | 3.1.9 |
| gnu | gnutls | 3.1.18 |
| gnu | gnutls | 3.1.16 |
| gnu | gnutls | 3.1.14 |
| gnu | gnutls | 3.1.3 |
| gnu | gnutls | 3.1.6 |
| gnu | gnutls | 3.1.7 |
| gnu | gnutls | 3.2.1 |
| gnu | gnutls | 3.2.3 |
| gnu | gnutls | 3.2.10 |
| gnu | gnutls | 3.1.4 |
| gnu | gnutls | 3.1.8 |
| gnu | gnutls | 3.1.17 |
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | a2ps | 4.14 |
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.12 |
| gnu | glibc | 2.17 |
| gnu | glibc | 2.14 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.16 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.18 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.13 |
| gnu | glibc | 2.14.1 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.15 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.0.5 |
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | exosip | * |
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.1.15 |
| gnu | gnutls | 3.2.8 |
| gnu | gnutls | 3.2.6 |
| gnu | gnutls | 3.1.11 |
| gnu | gnutls | 3.2.8.1 |
| gnu | gnutls | 3.1.12 |
| gnu | gnutls | 3.1.1 |
| gnu | gnutls | 3.1.5 |
| gnu | gnutls | 3.1.19 |
| gnu | gnutls | 3.1.10 |
| gnu | gnutls | * |
| gnu | gnutls | 3.2.4 |
| gnu | gnutls | 3.2.5 |
| gnu | gnutls | 3.2.0 |
| gnu | gnutls | 3.2.2 |
| gnu | gnutls | 3.2.9 |
| gnu | gnutls | 3.2.7 |
| gnu | gnutls | 3.1.13 |
| gnu | gnutls | 3.1.2 |
| gnu | gnutls | 3.1.0 |
| gnu | gnutls | 3.1.9 |
| gnu | gnutls | 3.1.18 |
| gnu | gnutls | 3.1.16 |
| gnu | gnutls | 3.1.14 |
| gnu | gnutls | 3.1.3 |
| gnu | gnutls | 3.1.6 |
| gnu | gnutls | 3.1.7 |
| gnu | gnutls | 3.2.1 |
| gnu | gnutls | 3.2.3 |
| gnu | gnutls | 3.1.4 |
| gnu | gnutls | 3.1.8 |
| gnu | gnutls | 3.1.17 |
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mageia | mageia | 4.0 |
| gnu | readline | 4.1 |
| gnu | readline | * |
| gnu | readline | 4.0 |
| gnu | readline | 4.2 |
| opensuse | opensuse | 13.1 |
| opensuse | opensuse | 12.3 |
| gnu | readline | 6.0 |
| mageia | mageia | 3.0 |
| gnu | readline | 2.1 |
| gnu | readline | 5.0 |
| gnu | readline | 4.3 |
| fedoraproject | fedora | 20 |
| gnu | readline | 5.1 |
| gnu | readline | 2.2 |
| gnu | readline | 5.2 |
| gnu | readline | 6.2 |
| gnu | readline | 6.1 |
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 20.1 |
| gnu | emacs | 20.3 |
| gnu | emacs | 20.5 |
| gnu | emacs | 24.2 |
| gnu | emacs | 23.1 |
| gnu | emacs | 20.6 |
| gnu | emacs | * |
| gnu | emacs | 20.4 |
| gnu | emacs | 23.4 |
| gnu | emacs | 22.3 |
| gnu | emacs | 21 |
| gnu | emacs | 21.1 |
| gnu | emacs | 21.2 |
| mageia_project | mageia | 4 |
| gnu | emacs | 22.2 |
| gnu | emacs | 22.1 |
| mageia_project | mageia | 3 |
| gnu | emacs | 21.2.1 |
| gnu | emacs | 21.3.1 |
| gnu | emacs | 24.1 |
| gnu | emacs | 20.0 |
| gnu | emacs | 20.7 |
| gnu | emacs | 21.3 |
| gnu | emacs | 20.2 |
| gnu | emacs | 23.2 |
| gnu | emacs | 21.4 |
| gnu | emacs | 23.3 |
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 20.1 |
| gnu | emacs | 20.3 |
| gnu | emacs | 20.5 |
| gnu | emacs | 24.2 |
| gnu | emacs | 23.1 |
| gnu | emacs | 20.6 |
| gnu | emacs | * |
| gnu | emacs | 20.4 |
| gnu | emacs | 23.4 |
| gnu | emacs | 22.3 |
| gnu | emacs | 21 |
| gnu | emacs | 21.1 |
| gnu | emacs | 21.2 |
| mageia_project | mageia | 4 |
| gnu | emacs | 22.2 |
| gnu | emacs | 22.1 |
| mageia_project | mageia | 3 |
| gnu | emacs | 21.2.1 |
| gnu | emacs | 21.3.1 |
| gnu | emacs | 24.1 |
| gnu | emacs | 20.0 |
| gnu | emacs | 20.7 |
| gnu | emacs | 21.3 |
| gnu | emacs | 20.2 |
| gnu | emacs | 23.2 |
| gnu | emacs | 21.4 |
| gnu | emacs | 23.3 |
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 20.1 |
| gnu | emacs | 20.3 |
| gnu | emacs | 20.5 |
| gnu | emacs | 24.2 |
| gnu | emacs | 23.1 |
| gnu | emacs | 20.6 |
| gnu | emacs | * |
| gnu | emacs | 20.4 |
| gnu | emacs | 23.4 |
| gnu | emacs | 22.3 |
| gnu | emacs | 21 |
| gnu | emacs | 21.1 |
| gnu | emacs | 21.2 |
| mageia_project | mageia | 4 |
| gnu | emacs | 22.2 |
| gnu | emacs | 22.1 |
| mageia_project | mageia | 3 |
| gnu | emacs | 21.2.1 |
| gnu | emacs | 21.3.1 |
| gnu | emacs | 24.1 |
| gnu | emacs | 20.0 |
| gnu | emacs | 20.7 |
| gnu | emacs | 21.3 |
| gnu | emacs | 20.2 |
| gnu | emacs | 23.2 |
| gnu | emacs | 21.4 |
| gnu | emacs | 23.3 |
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 20.1 |
| gnu | emacs | 20.3 |
| gnu | emacs | 20.5 |
| gnu | emacs | 24.2 |
| gnu | emacs | 23.1 |
| gnu | emacs | 20.6 |
| gnu | emacs | * |
| gnu | emacs | 20.4 |
| gnu | emacs | 23.4 |
| gnu | emacs | 22.3 |
| gnu | emacs | 21 |
| gnu | emacs | 21.1 |
| gnu | emacs | 21.2 |
| mageia_project | mageia | 4 |
| gnu | emacs | 22.2 |
| gnu | emacs | 22.1 |
| mageia_project | mageia | 3 |
| gnu | emacs | 21.2.1 |
| gnu | emacs | 21.3.1 |
| gnu | emacs | 24.1 |
| gnu | emacs | 20.0 |
| gnu | emacs | 20.7 |
| gnu | emacs | 21.3 |
| gnu | emacs | 20.2 |
| gnu | emacs | 23.2 |
| gnu | emacs | 21.4 |
| gnu | emacs | 23.3 |
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.0.11 |
| gnu | gnutls | 3.2.8.1 |
| gnu | gnutls | 3.1.1 |
| gnu | gnutls | 3.0.19 |
| gnu | gnutls | 3.0.5 |
| gnu | gnutls | 3.0.25 |
| gnu | gnutls | 3.0.18 |
| gnu | gnutls | 3.1.10 |
| gnu | gnutls | 3.2.4 |
| gnu | gnutls | 3.2.5 |
| gnu | gnutls | 3.0.21 |
| gnu | gnutls | 3.2.0 |
| gnu | gnutls | 3.0.26 |
| gnu | gnutls | 3.0.8 |
| gnu | gnutls | 3.2.2 |
| gnu | gnutls | 3.2.9 |
| gnu | gnutls | 3.2.7 |
| gnu | gnutls | 3.0.9 |
| gnu | gnutls | 3.1.13 |
| gnu | gnutls | 3.0.17 |
| gnu | gnutls | 3.1.9 |
| gnu | gnutls | 3.1.18 |
| gnu | gnutls | 3.0.4 |
| gnu | gnutls | 3.0.28 |
| gnu | gnutls | 3.0.20 |
| gnu | gnutls | 3.1.14 |
| gnu | gnutls | 3.0.7 |
| gnu | gnutls | 3.0.16 |
| gnu | gnutls | 3.1.7 |
| gnu | gnutls | 3.2.3 |
| gnu | gnutls | 3.0.27 |
| gnu | gnutls | 3.0.24 |
| gnu | gnutls | 3.1.15 |
| gnu | gnutls | 3.2.8 |
| gnu | gnutls | 3.0.12 |
| gnu | gnutls | 3.2.6 |
| gnu | gnutls | 3.1.11 |
| gnu | gnutls | 3.1.12 |
| gnu | gnutls | 3.1.5 |
| gnu | gnutls | 3.1.19 |
| gnu | gnutls | 3.0.15 |
| gnu | gnutls | 3.0.22 |
| gnu | gnutls | 3.0.6 |
| gnu | gnutls | 3.0.10 |
| gnu | gnutls | 3.0.2 |
| gnu | gnutls | 3.1.2 |
| gnu | gnutls | 3.1.0 |
| gnu | gnutls | 3.0.23 |
| gnu | gnutls | 3.1.16 |
| gnu | gnutls | 3.0.13 |
| gnu | gnutls | 3.0.0 |
| gnu | gnutls | 3.0.1 |
| gnu | gnutls | 3.1.3 |
| gnu | gnutls | 3.1.6 |
| gnu | gnutls | 3.2.1 |
| gnu | gnutls | 3.0.3 |
| gnu | gnutls | 3.1.4 |
| gnu | gnutls | 3.1.8 |
| gnu | gnutls | 3.0.14 |
| gnu | gnutls | 3.1.17 |
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.1.20 |
| gnu | gnutls | 3.1.15 |
| gnu | gnutls | 3.2.8 |
| gnu | gnutls | 3.2.6 |
| gnu | gnutls | 3.2.13 |
| gnu | gnutls | 3.1.11 |
| gnu | gnutls | 3.2.8.1 |
| gnu | gnutls | 3.1.12 |
| gnu | gnutls | 3.1.1 |
| gnu | gnutls | 3.3.0 |
| gnu | gnutls | 3.1.5 |
| gnu | gnutls | 3.1.19 |
| gnu | gnutls | 3.1.22 |
| gnu | gnutls | 3.1.10 |
| gnu | gnutls | * |
| gnu | gnutls | 3.2.4 |
| gnu | gnutls | 3.2.5 |
| gnu | gnutls | 3.2.0 |
| gnu | gnutls | 3.2.12 |
| gnu | gnutls | 3.1.23 |
| gnu | gnutls | 3.2.2 |
| gnu | gnutls | 3.2.9 |
| gnu | gnutls | 3.2.7 |
| gnu | gnutls | 3.2.14 |
| gnu | gnutls | 3.1.13 |
| gnu | gnutls | 3.1.2 |
| gnu | gnutls | 3.1.21 |
| gnu | gnutls | 3.1.0 |
| gnu | gnutls | 3.1.9 |
| gnu | gnutls | 3.1.18 |
| gnu | gnutls | 3.3.3 |
| gnu | gnutls | 3.2.11 |
| gnu | gnutls | 3.1.16 |
| gnu | gnutls | 3.1.14 |
| gnu | gnutls | 3.1.3 |
| gnu | gnutls | 3.1.6 |
| gnu | gnutls | 3.1.7 |
| gnu | gnutls | 3.3.1 |
| gnu | gnutls | 3.2.1 |
| gnu | gnutls | 3.2.3 |
| gnu | gnutls | 3.2.10 |
| gnu | gnutls | 3.3.2 |
| gnu | gnutls | 3.2.12.1 |
| gnu | gnutls | 3.1.4 |
| gnu | gnutls | 3.1.8 |
| gnu | gnutls | 3.1.17 |
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_eus | 7.5 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_eus | 6.5 |
| redhat | virtualization | 6.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_server | 6.0 |
| debian | debian_linux | 7.0 |
| gnu | libtasn1 | * |
| redhat | enterprise_linux_server_tus | 7.7 |
| suse | linux_enterprise_software_development_kit | 11 |
| redhat | enterprise_linux_eus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_server_tus | 6.5 |
| suse | linux_enterprise_high_availability_extension | 11 |
| gnu | gnutls | * |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| suse | linux_enterprise_server | 11 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_workstation | 7.0 |
| f5 | arx_firmware | * |
| redhat | enterprise_linux_desktop | 7.0 |
| suse | linux_enterprise_desktop | 11 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_eus | 7.4 |
| redhat | enterprise_linux_eus | 7.6 |
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-131,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_eus | 7.5 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_eus | 6.5 |
| redhat | virtualization | 6.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_server | 6.0 |
| debian | debian_linux | 7.0 |
| gnu | libtasn1 | * |
| redhat | enterprise_linux_server_tus | 7.7 |
| suse | linux_enterprise_software_development_kit | 11 |
| redhat | enterprise_linux_eus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_server_tus | 6.5 |
| suse | linux_enterprise_high_availability_extension | 11 |
| gnu | gnutls | * |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| suse | linux_enterprise_server | 11 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_workstation | 7.0 |
| f5 | arx_firmware | * |
| redhat | enterprise_linux_desktop | 7.0 |
| suse | linux_enterprise_desktop | 11 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_eus | 7.4 |
| redhat | enterprise_linux_eus | 7.6 |
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_eus | 7.5 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_eus | 6.5 |
| redhat | virtualization | 6.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_server | 6.0 |
| debian | debian_linux | 7.0 |
| gnu | libtasn1 | * |
| redhat | enterprise_linux_server_tus | 7.7 |
| suse | linux_enterprise_software_development_kit | 11 |
| redhat | enterprise_linux_eus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_server_tus | 6.5 |
| suse | linux_enterprise_high_availability_extension | 11 |
| gnu | gnutls | * |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| suse | linux_enterprise_server | 11 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| suse | linux_enterprise_desktop | 11 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_eus | 7.4 |
| redhat | enterprise_linux_eus | 7.6 |
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| gnu | gpgme | * |
| canonical | ubuntu_linux | 12.04 |
| debian | debian_linux | 6.0 |
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.1 |
| gnu | glibc | * |
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | 1.13.1 |
| gnu | wget | 1.13.2 |
| gnu | wget | * |
| gnu | wget | 1.13.3 |
| gnu | wget | 1.12 |
| gnu | wget | 1.13.4 |
| gnu | wget | 1.13 |
| gnu | wget | 1.14 |
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libgfortran | * |
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| gnu | glibc | * |
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.12 |
| gnu | glibc | 2.17 |
| gnu | glibc | 2.14 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | * |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.16 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.18 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.13 |
| gnu | glibc | 2.14.1 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.15 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.0.5 |
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_software_development_kit | 12 |
| f5 | big-iq_cloud | * |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.1 |
| debian | debian_linux | 7.0 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.5 |
| vmware | esx | 4.0 |
| vmware | esx | 4.1 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.6 |
| ibm | qradar_security_information_and_event_manager | 7.2.8 |
| ibm | pureapplication_system | * |
| ibm | qradar_security_information_and_event_manager | 7.2 |
| ibm | flex_system_v7000_firmware | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 |
| f5 | traffix_signaling_delivery_controller | 3.3.2 |
| f5 | big-ip_application_acceleration_manager | 11.6.0 |
| redhat | enterprise_linux_eus | 6.4 |
| ibm | smartcloud_provisioning | 2.1.0 |
| f5 | big-ip_policy_enforcement_manager | 11.6.0 |
| f5 | big-iq_device | * |
| suse | linux_enterprise_desktop | 11 |
| f5 | big-ip_wan_optimization_manager | * |
| f5 | big-iq_security | * |
| redhat | enterprise_linux | 6.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.3 |
| suse | linux_enterprise_server | 10 |
| ibm | san_volume_controller_firmware | * |
| opensuse | opensuse | 13.2 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.3 |
| f5 | big-ip_protocol_security_module | * |
| ibm | storwize_v5000_firmware | * |
| f5 | big-ip_application_security_manager | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.5 |
| redhat | enterprise_linux_server_from_rhui | 7.0 |
| novell | zenworks_configuration_management | 11.2 |
| redhat | enterprise_linux_server_tus | 7.3 |
| suse | linux_enterprise_server | 12 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.2 |
| ibm | stn6800_firmware | * |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_server_aus | 5.9 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux | 5.0 |
| redhat | enterprise_linux_eus | 7.3 |
| mageia | mageia | 3.0 |
| novell | zenworks_configuration_management | 10.3 |
| ibm | qradar_security_information_and_event_manager | 7.1.1 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.4_s390x |
| redhat | enterprise_linux_workstation | 5.0 |
| ibm | storwize_v3500_firmware | * |
| f5 | big-ip_analytics | 11.6.0 |
| suse | linux_enterprise_desktop | 12 |
| ibm | qradar_security_information_and_event_manager | 7.2.2 |
| ibm | smartcloud_entry_appliance | 3.1.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 |
| redhat | enterprise_linux_eus | 7.7 |
| f5 | big-ip_webaccelerator | * |
| ibm | qradar_vulnerability_manager | 7.2.8 |
| f5 | big-ip_global_traffic_manager | * |
| ibm | qradar_vulnerability_manager | 7.2.1 |
| oracle | linux | 4 |
| gnu | bash | * |
| suse | studio_onsite | 1.3 |
| f5 | big-ip_advanced_firewall_manager | * |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.7 |
| opensuse | opensuse | 13.1 |
| opensuse | opensuse | 12.3 |
| ibm | qradar_security_information_and_event_manager | 7.2.5 |
| redhat | enterprise_linux_desktop | 6.0 |
| f5 | big-ip_link_controller | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.2 |
| canonical | ubuntu_linux | 10.04 |
| f5 | big-ip_analytics | * |
| oracle | linux | 6 |
| qnap | qts | 4.1.1 |
| f5 | traffix_signaling_delivery_controller | * |
| ibm | pureapplication_system | 2.0.0.0 |
| apple | mac_os_x | * |
| vmware | vcenter_server_appliance | 5.1 |
| redhat | enterprise_linux_for_power_big_endian | 5.9_ppc |
| redhat | enterprise_linux_for_scientific_computing | 6.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.6_s390x |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.2 |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64 |
| novell | zenworks_configuration_management | 11.1 |
| redhat | enterprise_linux_eus | 7.5 |
| f5 | big-ip_local_traffic_manager | 11.6.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.7_s390x |
| redhat | enterprise_linux_server_aus | 7.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.3 |
| novell | open_enterprise_server | 11.0 |
| ibm | stn7800_firmware | * |
| redhat | enterprise_linux_server | 6.0 |
| ibm | software_defined_network_for_virtual_environments | * |
| suse | linux_enterprise_software_development_kit | 11 |
| f5 | big-ip_access_policy_manager | * |
| redhat | virtualization | 3.4 |
| f5 | big-ip_policy_enforcement_manager | * |
| f5 | big-ip_access_policy_manager | 11.6.0 |
| redhat | enterprise_linux | 4.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.6 |
| redhat | enterprise_linux_server_from_rhui | 6.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| f5 | big-ip_application_acceleration_manager | * |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| f5 | big-ip_local_traffic_manager | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.5_s390x |
| f5 | arx_firmware | * |
| qnap | qts | * |
| ibm | starter_kit_for_cloud | 2.2.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.5_s390x |
| vmware | vcenter_server_appliance | 5.5 |
| f5 | big-ip_edge_gateway | * |
| redhat | enterprise_linux_desktop | 7.0 |
| ibm | qradar_vulnerability_manager | 7.2.4 |
| redhat | enterprise_linux | 7.0 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.1 |
| f5 | big-ip_advanced_firewall_manager | 11.6.0 |
| f5 | traffix_signaling_delivery_controller | 3.4.1 |
| f5 | big-ip_link_controller | * |
| ibm | qradar_security_information_and_event_manager | 7.1.2 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.3 |
| ibm | qradar_security_information_and_event_manager | 7.1.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 6.5_ppc64 |
| ibm | qradar_security_information_and_event_manager | 7.2.7 |
| ibm | storwize_v3700_firmware | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.3_ppc64 |
| redhat | enterprise_linux_for_ibm_z_systems | 5.9_s390x |
| redhat | enterprise_linux_eus | 5.9 |
| f5 | big-ip_global_traffic_manager | 11.6.0 |
| mageia | mageia | 4.0 |
| redhat | enterprise_linux_server_from_rhui | 5.0 |
| arista | eos | * |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.3_s390x |
| redhat | enterprise_linux_server_aus | 6.2 |
| redhat | enterprise_linux_eus | 6.5 |
| f5 | traffix_signaling_delivery_controller | 4.1.0 |
| f5 | big-ip_application_security_manager | * |
| redhat | enterprise_linux_server_tus | 7.7 |
| oracle | linux | 5 |
| ibm | qradar_security_information_and_event_manager | 7.2.8.15 |
| redhat | enterprise_linux_server_aus | 7.3 |
| ibm | qradar_vulnerability_manager | 7.2.6 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.4_s390x |
| ibm | qradar_security_information_and_event_manager | 7.2.1 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.0 |
| ibm | qradar_vulnerability_manager | 7.2.0 |
| ibm | qradar_risk_manager | 7.1.0 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_server_tus | 6.5 |
| citrix | netscaler_sdx_firmware | * |
| f5 | traffix_signaling_delivery_controller | 3.5.1 |
| redhat | enterprise_linux_for_power_big_endian | 6.4_ppc64 |
| suse | linux_enterprise_server | 11 |
| novell | zenworks_configuration_management | 11 |
| f5 | enterprise_manager | * |
| ibm | storwize_v7000_firmware | * |
| ibm | qradar_vulnerability_manager | 7.2.2 |
| ibm | smartcloud_entry_appliance | 3.2.0 |
| novell | zenworks_configuration_management | 11.3.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.5 |
| redhat | enterprise_linux_workstation | 7.0 |
| ibm | smartcloud_entry_appliance | 2.3.0 |
| redhat | enterprise_linux_server_aus | 5.6 |
| vmware | vcenter_server_appliance | 5.0 |
| ibm | workload_deployer | * |
| ibm | qradar_vulnerability_manager | 7.2.3 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_server_aus | 6.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.1 |
| redhat | enterprise_linux_eus | 7.4 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| checkpoint | security_gateway | * |
| redhat | gluster_storage_server_for_on-premise | 2.1 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.8 |
| ibm | stn6500_firmware | * |
| redhat | enterprise_linux_for_power_big_endian | 5.0_ppc |
| novell | open_enterprise_server | 2.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.9 |
| redhat | enterprise_linux_eus | 7.6 |
| ibm | smartcloud_entry_appliance | 2.4.0 |
| ibm | infosphere_guardium_database_activity_monitoring | 8.2 |
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | bash | 2.02.1 |
| gnu | bash | 2.03 |
| gnu | bash | 2.05 |
| gnu | bash | 2.01 |
| gnu | bash | 1.14.1 |
| gnu | bash | 1.14.4 |
| gnu | bash | 4.3 |
| gnu | bash | 3.2 |
| gnu | bash | 4.2 |
| gnu | bash | 2.01.1 |
| gnu | bash | 1.14.6 |
| gnu | bash | 2.04 |
| gnu | bash | 1.14.5 |
| gnu | bash | 2.02 |
| gnu | bash | 3.0.16 |
| gnu | bash | 1.14.3 |
| gnu | bash | 3.1 |
| gnu | bash | 1.14.2 |
| gnu | bash | 1.14.7 |
| gnu | bash | 1.14.0 |
| gnu | bash | 3.0 |
| gnu | bash | 4.1 |
| gnu | bash | 2.0 |
| gnu | bash | 4.0 |
| gnu | bash | 3.2.48 |
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | bash | 2.02.1 |
| gnu | bash | 2.03 |
| gnu | bash | 2.05 |
| gnu | bash | 2.01 |
| gnu | bash | 1.14.1 |
| gnu | bash | 1.14.4 |
| gnu | bash | 4.3 |
| gnu | bash | 3.2 |
| gnu | bash | 4.2 |
| gnu | bash | 2.01.1 |
| gnu | bash | 1.14.6 |
| gnu | bash | 2.04 |
| gnu | bash | 1.14.5 |
| gnu | bash | 2.02 |
| gnu | bash | 3.0.16 |
| gnu | bash | 1.14.3 |
| gnu | bash | 3.1 |
| gnu | bash | 1.14.2 |
| gnu | bash | 1.14.7 |
| gnu | bash | 1.14.0 |
| gnu | bash | 3.0 |
| gnu | bash | 4.1 |
| gnu | bash | 2.0 |
| gnu | bash | 4.0 |
| gnu | bash | 3.2.48 |
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_software_development_kit | 12 |
| f5 | big-iq_cloud | * |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.1 |
| debian | debian_linux | 7.0 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.5 |
| vmware | esx | 4.0 |
| vmware | esx | 4.1 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.6 |
| ibm | qradar_security_information_and_event_manager | 7.2.8 |
| ibm | pureapplication_system | * |
| ibm | qradar_security_information_and_event_manager | 7.2 |
| ibm | flex_system_v7000_firmware | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 |
| f5 | traffix_signaling_delivery_controller | 3.3.2 |
| f5 | big-ip_application_acceleration_manager | 11.6.0 |
| redhat | enterprise_linux_eus | 6.4 |
| ibm | smartcloud_provisioning | 2.1.0 |
| f5 | big-ip_policy_enforcement_manager | 11.6.0 |
| f5 | big-iq_device | * |
| suse | linux_enterprise_desktop | 11 |
| f5 | big-ip_wan_optimization_manager | * |
| f5 | big-iq_security | * |
| redhat | enterprise_linux | 6.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.3 |
| suse | linux_enterprise_server | 10 |
| ibm | san_volume_controller_firmware | * |
| opensuse | opensuse | 13.2 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.3 |
| f5 | big-ip_protocol_security_module | * |
| ibm | storwize_v5000_firmware | * |
| f5 | big-ip_application_security_manager | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.5 |
| redhat | enterprise_linux_server_from_rhui | 7.0 |
| novell | zenworks_configuration_management | 11.2 |
| redhat | enterprise_linux_server_tus | 7.3 |
| suse | linux_enterprise_server | 12 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.2 |
| ibm | stn6800_firmware | * |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_server_aus | 5.9 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux | 5.0 |
| redhat | enterprise_linux_eus | 7.3 |
| mageia | mageia | 3.0 |
| novell | zenworks_configuration_management | 10.3 |
| ibm | qradar_security_information_and_event_manager | 7.1.1 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.4_s390x |
| redhat | enterprise_linux_workstation | 5.0 |
| ibm | storwize_v3500_firmware | * |
| f5 | big-ip_analytics | 11.6.0 |
| suse | linux_enterprise_desktop | 12 |
| ibm | qradar_security_information_and_event_manager | 7.2.2 |
| ibm | smartcloud_entry_appliance | 3.1.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 |
| redhat | enterprise_linux_eus | 7.7 |
| f5 | big-ip_webaccelerator | * |
| ibm | qradar_vulnerability_manager | 7.2.8 |
| f5 | big-ip_global_traffic_manager | * |
| ibm | qradar_vulnerability_manager | 7.2.1 |
| oracle | linux | 4 |
| gnu | bash | * |
| suse | studio_onsite | 1.3 |
| f5 | big-ip_advanced_firewall_manager | * |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.7 |
| opensuse | opensuse | 13.1 |
| opensuse | opensuse | 12.3 |
| ibm | qradar_security_information_and_event_manager | 7.2.5 |
| redhat | enterprise_linux_desktop | 6.0 |
| f5 | big-ip_link_controller | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.2 |
| canonical | ubuntu_linux | 10.04 |
| f5 | big-ip_analytics | * |
| oracle | linux | 6 |
| qnap | qts | 4.1.1 |
| f5 | traffix_signaling_delivery_controller | * |
| ibm | pureapplication_system | 2.0.0.0 |
| apple | mac_os_x | * |
| vmware | vcenter_server_appliance | 5.1 |
| redhat | enterprise_linux_for_power_big_endian | 5.9_ppc |
| redhat | enterprise_linux_for_scientific_computing | 6.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.6_s390x |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.2 |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64 |
| novell | zenworks_configuration_management | 11.1 |
| redhat | enterprise_linux_eus | 7.5 |
| f5 | big-ip_local_traffic_manager | 11.6.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.7_s390x |
| redhat | enterprise_linux_server_aus | 7.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.3 |
| novell | open_enterprise_server | 11.0 |
| ibm | stn7800_firmware | * |
| redhat | enterprise_linux_server | 6.0 |
| ibm | software_defined_network_for_virtual_environments | * |
| suse | linux_enterprise_software_development_kit | 11 |
| f5 | big-ip_access_policy_manager | * |
| redhat | virtualization | 3.4 |
| f5 | big-ip_policy_enforcement_manager | * |
| f5 | big-ip_access_policy_manager | 11.6.0 |
| redhat | enterprise_linux | 4.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.6 |
| redhat | enterprise_linux_server_from_rhui | 6.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| f5 | big-ip_application_acceleration_manager | * |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| f5 | big-ip_local_traffic_manager | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.5_s390x |
| f5 | arx_firmware | * |
| qnap | qts | * |
| ibm | starter_kit_for_cloud | 2.2.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.5_s390x |
| vmware | vcenter_server_appliance | 5.5 |
| f5 | big-ip_edge_gateway | * |
| redhat | enterprise_linux_desktop | 7.0 |
| ibm | qradar_vulnerability_manager | 7.2.4 |
| redhat | enterprise_linux | 7.0 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.1 |
| f5 | big-ip_advanced_firewall_manager | 11.6.0 |
| f5 | traffix_signaling_delivery_controller | 3.4.1 |
| f5 | big-ip_link_controller | * |
| ibm | qradar_security_information_and_event_manager | 7.1.2 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.3 |
| ibm | qradar_security_information_and_event_manager | 7.1.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 6.5_ppc64 |
| ibm | qradar_security_information_and_event_manager | 7.2.7 |
| ibm | storwize_v3700_firmware | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.3_ppc64 |
| redhat | enterprise_linux_for_ibm_z_systems | 5.9_s390x |
| redhat | enterprise_linux_eus | 5.9 |
| f5 | big-ip_global_traffic_manager | 11.6.0 |
| mageia | mageia | 4.0 |
| redhat | enterprise_linux_server_from_rhui | 5.0 |
| arista | eos | * |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.3_s390x |
| redhat | enterprise_linux_server_aus | 6.2 |
| redhat | enterprise_linux_eus | 6.5 |
| f5 | traffix_signaling_delivery_controller | 4.1.0 |
| f5 | big-ip_application_security_manager | * |
| redhat | enterprise_linux_server_tus | 7.7 |
| oracle | linux | 5 |
| ibm | qradar_security_information_and_event_manager | 7.2.8.15 |
| redhat | enterprise_linux_server_aus | 7.3 |
| ibm | qradar_vulnerability_manager | 7.2.6 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.4_s390x |
| ibm | qradar_security_information_and_event_manager | 7.2.1 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.0 |
| ibm | qradar_vulnerability_manager | 7.2.0 |
| ibm | qradar_risk_manager | 7.1.0 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_server_tus | 6.5 |
| citrix | netscaler_sdx_firmware | * |
| f5 | traffix_signaling_delivery_controller | 3.5.1 |
| redhat | enterprise_linux_for_power_big_endian | 6.4_ppc64 |
| suse | linux_enterprise_server | 11 |
| novell | zenworks_configuration_management | 11 |
| f5 | enterprise_manager | * |
| ibm | storwize_v7000_firmware | * |
| ibm | qradar_vulnerability_manager | 7.2.2 |
| ibm | smartcloud_entry_appliance | 3.2.0 |
| novell | zenworks_configuration_management | 11.3.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.5 |
| redhat | enterprise_linux_workstation | 7.0 |
| ibm | smartcloud_entry_appliance | 2.3.0 |
| redhat | enterprise_linux_server_aus | 5.6 |
| vmware | vcenter_server_appliance | 5.0 |
| ibm | workload_deployer | * |
| ibm | qradar_vulnerability_manager | 7.2.3 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_server_aus | 6.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.1 |
| redhat | enterprise_linux_eus | 7.4 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| checkpoint | security_gateway | * |
| redhat | gluster_storage_server_for_on-premise | 2.1 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.8 |
| ibm | stn6500_firmware | * |
| redhat | enterprise_linux_for_power_big_endian | 5.0_ppc |
| novell | open_enterprise_server | 2.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.9 |
| redhat | enterprise_linux_eus | 7.6 |
| ibm | smartcloud_entry_appliance | 2.4.0 |
| ibm | infosphere_guardium_database_activity_monitoring | 8.2 |
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | bash | 2.02.1 |
| gnu | bash | 2.03 |
| gnu | bash | 2.05 |
| gnu | bash | 2.01 |
| gnu | bash | 1.14.1 |
| gnu | bash | 1.14.4 |
| gnu | bash | 4.3 |
| gnu | bash | 3.2 |
| gnu | bash | 4.2 |
| gnu | bash | 2.01.1 |
| gnu | bash | 1.14.6 |
| gnu | bash | 2.04 |
| gnu | bash | 1.14.5 |
| gnu | bash | 2.02 |
| gnu | bash | 3.0.16 |
| gnu | bash | 1.14.3 |
| gnu | bash | 3.1 |
| gnu | bash | 1.14.2 |
| gnu | bash | 1.14.7 |
| gnu | bash | 1.14.0 |
| gnu | bash | 3.0 |
| gnu | bash | 4.1 |
| gnu | bash | 2.0 |
| gnu | bash | 4.0 |
| gnu | bash | 3.2.48 |
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | bash | 2.02.1 |
| gnu | bash | 2.03 |
| gnu | bash | 2.05 |
| gnu | bash | 2.01 |
| gnu | bash | 1.14.1 |
| gnu | bash | 1.14.4 |
| gnu | bash | 4.3 |
| gnu | bash | 3.2 |
| gnu | bash | 4.2 |
| gnu | bash | 2.01.1 |
| gnu | bash | 1.14.6 |
| gnu | bash | 2.04 |
| gnu | bash | 1.14.5 |
| gnu | bash | 2.02 |
| gnu | bash | 3.0.16 |
| gnu | bash | 1.14.3 |
| gnu | bash | 3.1 |
| gnu | bash | 1.14.2 |
| gnu | bash | 1.14.7 |
| gnu | bash | 1.14.0 |
| gnu | bash | 3.0 |
| gnu | bash | 4.1 |
| gnu | bash | 2.0 |
| gnu | bash | 4.0 |
| gnu | bash | 3.2.48 |
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| gnu | glibc | 2.21 |
| debian | debian_linux | 7.0 |
| opensuse | opensuse | 13.1 |
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-17,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux_enterprise_desktop | 11 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 15.10 |
| suse | suse_linux_enterprise_server | 11.0 |
| gnu | glibc | * |
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-17,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | * |
The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| fedoraproject | fedora | 20 |
| fedoraproject | fedora | 21 |
| fedoraproject | fedora | 19 |
| gnu | binutils | * |
The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| fedoraproject | fedora | 20 |
| fedoraproject | fedora | 21 |
| fedoraproject | fedora | 19 |
| gnu | binutils | * |
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| fedoraproject | fedora | 20 |
| fedoraproject | fedora | 21 |
| fedoraproject | fedora | 19 |
| gnu | binutils | * |
Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| fedoraproject | fedora | 20 |
| fedoraproject | fedora | 21 |
| fedoraproject | fedora | 19 |
| gnu | binutils | * |
Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| fedoraproject | fedora | 20 |
| fedoraproject | fedora | 21 |
| fedoraproject | fedora | 19 |
| gnu | binutils | * |
Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| fedoraproject | fedora | 20 |
| fedoraproject | fedora | 21 |
| fedoraproject | fedora | 19 |
| gnu | binutils | * |
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.2.13 |
| gnu | gnutls | 3.2.8.1 |
| gnu | gnutls | 3.1.1 |
| gnu | gnutls | 3.0.5 |
| gnu | gnutls | 3.0.18 |
| gnu | gnutls | 3.1.22 |
| gnu | gnutls | 3.1.10 |
| gnu | gnutls | 3.2.4 |
| gnu | gnutls | 3.0.21 |
| gnu | gnutls | 3.2.0 |
| gnu | gnutls | 3.2.9 |
| redhat | enterprise_linux_hpc_node | 7.0 |
| gnu | gnutls | 3.2.14 |
| gnu | gnutls | 3.1.13 |
| gnu | gnutls | 3.0.17 |
| gnu | gnutls | 3.1.9 |
| gnu | gnutls | 3.1.18 |
| gnu | gnutls | 3.0.4 |
| gnu | gnutls | 3.1.26 |
| gnu | gnutls | 3.3.7 |
| gnu | gnutls | 3.1.14 |
| gnu | gnutls | 3.0.7 |
| gnu | gnutls | 3.1.24 |
| gnu | gnutls | 3.0 |
| opensuse | opensuse | 13.2 |
| gnu | gnutls | 3.1.7 |
| gnu | gnutls | 3.3.1 |
| gnu | gnutls | 3.1.25 |
| gnu | gnutls | 3.3.6 |
| gnu | gnutls | 3.0.24 |
| gnu | gnutls | 3.1.15 |
| gnu | gnutls | 3.2.6 |
| gnu | gnutls | 3.1.11 |
| gnu | gnutls | 3.1.5 |
| gnu | gnutls | 3.2.19 |
| gnu | gnutls | 3.0.22 |
| gnu | gnutls | 3.0.10 |
| gnu | gnutls | 3.2.12 |
| gnu | gnutls | 3.0.2 |
| gnu | gnutls | 3.1.2 |
| gnu | gnutls | 3.1.21 |
| gnu | gnutls | 3.1.0 |
| gnu | gnutls | 3.3.3 |
| gnu | gnutls | 3.2.11 |
| gnu | gnutls | 3.0.23 |
| gnu | gnutls | 3.1.27 |
| opensuse | opensuse | 13.1 |
| gnu | gnutls | 3.1.16 |
| opensuse | opensuse | 12.3 |
| gnu | gnutls | 3.0.13 |
| gnu | gnutls | 3.0.1 |
| gnu | gnutls | 3.1.3 |
| gnu | gnutls | 3.1.6 |
| gnu | gnutls | 3.3.4 |
| gnu | gnutls | 3.3.2 |
| gnu | gnutls | 3.1.4 |
| gnu | gnutls | 3.0.14 |
| gnu | gnutls | 3.1.17 |
| gnu | gnutls | 3.0.11 |
| gnu | gnutls | 3.0.19 |
| gnu | gnutls | 3.0.25 |
| gnu | gnutls | 3.2.5 |
| redhat | enterprise_linux_server | 7.0 |
| gnu | gnutls | 3.0.26 |
| gnu | gnutls | 3.0.8 |
| gnu | gnutls | 3.1.23 |
| gnu | gnutls | 3.2.2 |
| gnu | gnutls | 3.2.7 |
| gnu | gnutls | 3.0.9 |
| gnu | gnutls | 3.2.15 |
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | gnutls | 3.0.28 |
| gnu | gnutls | 3.0.20 |
| gnu | gnutls | 3.3.8 |
| gnu | gnutls | 3.0.16 |
| gnu | gnutls | 3.2.16 |
| gnu | gnutls | 3.2.3 |
| gnu | gnutls | 3.0.27 |
| gnu | gnutls | 3.1.20 |
| gnu | gnutls | 3.3.5 |
| gnu | gnutls | 3.2.8 |
| gnu | gnutls | 3.0.12 |
| gnu | gnutls | 3.1.12 |
| gnu | gnutls | 3.3.0 |
| gnu | gnutls | 3.1.19 |
| gnu | gnutls | 3.0.15 |
| gnu | gnutls | 3.0.6 |
| gnu | gnutls | 3.2.17 |
| gnu | gnutls | 3.2.18 |
| redhat | enterprise_linux_workstation | 7.0 |
| gnu | gnutls | 3.3.9 |
| canonical | ubuntu_linux | 14.10 |
| gnu | gnutls | 3.0.0 |
| gnu | gnutls | 3.2.1 |
| gnu | gnutls | 3.2.10 |
| gnu | gnutls | 3.0.3 |
| gnu | gnutls | 3.2.12.1 |
| gnu | gnutls | 3.1.8 |
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
CVSS 2.0
Severity: LOW
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| fedoraproject | fedora | 20 |
| fedoraproject | fedora | 21 |
| fedoraproject | fedora | 19 |
| gnu | binutils | * |
The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| debian | debian_linux | 7.0 |
| fedoraproject | fedora | 20 |
| fedoraproject | fedora | 21 |
| gnu | binutils | * |
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cpio | 2.11 |
| debian | debian_linux | 7.0 |
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| opensuse | opensuse | 13.1 |
| gnu | glibc | * |
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| gnu | coreutils | * |
Emacs 24.4 allows remote attackers to bypass security restrictions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 24.4 |
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| opensuse | opensuse | 13.1 |
| gnu | less | * |
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mageia | mageia | 4.0 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| gnu | patch | * |
| canonical | ubuntu_linux | 14.10 |
| fedoraproject | fedora | 20 |
| fedoraproject | fedora | 21 |
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_software_development_kit | 12 |
| fedoraproject | fedora | 23 |
| suse | linux_enterprise_software_development_kit | 11.0 |
| suse | linux_enterprise_server | 12 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 15.10 |
| suse | suse_linux_enterprise_server | 12 |
| suse | linux_enterprise_server | 11.0 |
| gnu | glibc | * |
| suse | linux_enterprise_desktop | 11.0 |
| opensuse | opensuse | 13.2 |
| suse | linux_enterprise_desktop | 12 |
| suse | linux_enterprise_debuginfo | 11.0 |
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | communications_webrtc_session_controller | 7.1 |
| oracle | exalogic_infrastructure | 1.0 |
| oracle | communications_eagle_lnp_application_processor | 10.0 |
| ibm | pureapplication_system | 1.0.0.0 |
| redhat | virtualization | 6.0 |
| debian | debian_linux | 7.0 |
| oracle | linux | 5 |
| gnu | glibc | * |
| oracle | communications_user_data_repository | * |
| oracle | communications_session_border_controller | 8.0.0 |
| oracle | communications_application_session_controller | * |
| oracle | communications_policy_management | 12.1.1 |
| oracle | communications_policy_management | 11.5 |
| oracle | communications_webrtc_session_controller | 7.2 |
| php | php | * |
| oracle | communications_webrtc_session_controller | 7.0 |
| oracle | vm_virtualbox | * |
| oracle | communications_policy_management | 9.7.3 |
| oracle | communications_eagle_application_processor | 16.0 |
| ibm | security_access_manager_for_enterprise_single_sign-on | 8.2 |
| oracle | communications_lsms | 13.1 |
| oracle | communications_session_border_controller | 7.2.0 |
| oracle | communications_policy_management | 10.4.1 |
| oracle | communications_session_border_controller | * |
| ibm | pureapplication_system | 1.1.0.0 |
| oracle | linux | 7 |
| oracle | exalogic_infrastructure | 2.0 |
| ibm | pureapplication_system | 2.0.0.0 |
| apple | mac_os_x | * |
| debian | debian_linux | 8.0 |
| oracle | communications_policy_management | 9.9.1 |
GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | * |
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | * |
| redhat | enterprise_linux | 7.0 |
| debian | debian_linux | 7.0 |
| redhat | enterprise_linux | 5.0 |
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | patch | 2.7.1 |
| opensuse | opensuse | 13.2 |
| oracle | solaris | 11.2 |
| opensuse | opensuse | 13.1 |
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cpio | 2.11 |
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grep | 2.20 |
| opensuse | opensuse | 13.2 |
| gnu | grep | 2.21 |
| gnu | grep | 2.19 |
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| gnu | patch | * |
| canonical | ubuntu_linux | 14.10 |
| fedoraproject | fedora | 20 |
| fedoraproject | fedora | 21 |
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | patch | * |
| debian | debian_linux | 11.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| gnu | glibc | * |
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| gnu | glibc | * |
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 15.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| suse | linux_enterprise_desktop | 11 |
| debian | debian_linux | 7.0 |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_debuginfo | 11 |
| gnu | glibc | * |
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
CVSS 2.0
Severity: LOW
Problem Type: CWE-362,CWE-367,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | coreutils | 8.4 |
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libidn | * |
| opensuse | opensuse | 13.2 |
| fedoraproject | fedora | 22 |
| fedoraproject | fedora | 21 |
| opensuse | opensuse | 13.1 |
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| redhat | enterprise_linux | 7.0 |
| debian | debian_linux | 7.0 |
| gnu | mailman | * |
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.10 |
| fedoraproject | fedora | 22 |
| debian | debian_linux | 7.0 |
| fedoraproject | fedora | 20 |
| fedoraproject | fedora | 21 |
| gnu | libtasn1 | * |
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 15.04 |
| gnu | gnutls | * |
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| fedoraproject | fedora | 21 |
| gnu | libtasn1 | * |
The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | coreutils | * |
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | coreutils | * |
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | parallel | * |
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| opensuse | opensuse | 13.1 |
| gnu | parallel | * |
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| gnu | glibc | * |
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gcc | * |
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| canonical | ubuntu_linux | 15.10 |
| redhat | enterprise_linux_server | 7.0 |
| gnu | glibc | * |
| redhat | enterprise_linux_hpc_node | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.3.3 |
| gnu | gnutls | 3.3.5 |
| gnu | gnutls | 3.3.11 |
| gnu | gnutls | 3.3.10 |
| gnu | gnutls | 3.3.0 |
| gnu | gnutls | 3.3.12 |
| gnu | gnutls | 3.4.0 |
| gnu | gnutls | 3.3.13 |
| gnu | gnutls | 3.3.14 |
| gnu | gnutls | 3.3.7 |
| gnu | gnutls | 3.4.1 |
| gnu | gnutls | 3.3.8 |
| gnu | gnutls | 3.3.1 |
| gnu | gnutls | 3.3.4 |
| gnu | gnutls | 3.3.2 |
| gnu | gnutls | 3.3.6 |
| debian | debian_linux | 8.0 |
| gnu | gnutls | 3.4.2 |
| gnu | gnutls | 3.4.3 |
| gnu | gnutls | 3.3.9 |
| gnu | gnutls | 3.3.15 |
| gnu | gnutls | 3.3.16 |
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnu_screen | * |
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_software_development_kit | 12 |
| gnu | glibc | 2.12 |
| oracle | exalogic_infrastructure | 1.0 |
| gnu | glibc | 2.17 |
| hp | helion_openstack | 2.0.0 |
| gnu | glibc | 2.11.3 |
| oracle | fujitsu_m10_firmware | * |
| f5 | big-ip_analytics | 12.0.0 |
| sophos | unified_threat_management_software | 9.355 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.18 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.21 |
| redhat | enterprise_linux_server | 7.0 |
| gnu | glibc | 2.14.1 |
| f5 | big-ip_domain_name_system | 12.0.0 |
| redhat | enterprise_linux_hpc_node | 7.0 |
| f5 | big-ip_link_controller | 12.0.0 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.19 |
| gnu | glibc | 2.10 |
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | glibc | 2.15 |
| gnu | glibc | 2.22 |
| suse | linux_enterprise_server | 11.0 |
| suse | linux_enterprise_desktop | 11.0 |
| opensuse | opensuse | 13.2 |
| oracle | exalogic_infrastructure | 2.0 |
| hp | helion_openstack | 2.1.0 |
| suse | linux_enterprise_software_development_kit | 11.0 |
| suse | linux_enterprise_server | 12 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_server_eus | 7.2 |
| f5 | big-ip_application_security_manager | 12.0.0 |
| suse | suse_linux_enterprise_server | 12 |
| gnu | glibc | 2.14 |
| redhat | enterprise_linux_hpc_node_eus | 7.2 |
| gnu | glibc | 2.11.2 |
| f5 | big-ip_local_traffic_manager | 12.0.0 |
| gnu | glibc | 2.16 |
| f5 | big-ip_advanced_firewall_manager | 12.0.0 |
| hp | helion_openstack | 1.1.1 |
| suse | linux_enterprise_desktop | 12 |
| gnu | glibc | 2.13 |
| suse | linux_enterprise_debuginfo | 11.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| gnu | glibc | 2.10.1 |
| f5 | big-ip_application_acceleration_manager | 12.0.0 |
| canonical | ubuntu_linux | 15.10 |
| hp | server_migration_pack | 7.5 |
| f5 | big-ip_policy_enforcement_manager | 12.0.0 |
| gnu | glibc | 2.11 |
| f5 | big-ip_access_policy_manager | 12.0.0 |
| sophos | unified_threat_management_software | 9.319 |
| gnu | glibc | 2.20 |
| redhat | enterprise_linux_server_aus | 7.2 |
| gnu | glibc | 2.9 |
| debian | debian_linux | 8.0 |
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | a2ps | 4.14 |
GnuTLS incorrectly validates the first byte of padding in CBC modes
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | * |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,CWE-191,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 23 |
| gnu | grub2 | 1.99 |
| gnu | grub2 | 2.00 |
| gnu | grub2 | 2.02 |
| gnu | grub2 | 1.98 |
| gnu | grub2 | 2.01 |
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_software_development_kit | 12 |
| fedoraproject | fedora | 23 |
| suse | linux_enterprise_server | 12 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| suse | linux_enterprise_desktop | 11 |
| canonical | ubuntu_linux | 15.10 |
| suse | suse_linux_enterprise_server | 12 |
| suse | linux_enterprise_software_development_kit | 11 |
| suse | linux_enterprise_debuginfo | 11 |
| gnu | glibc | * |
| opensuse | opensuse | 13.2 |
| suse | linux_enterprise_server | 11 |
| debian | debian_linux | 8.0 |
| suse | linux_enterprise_desktop | 12 |
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
CVSS 2.0
Severity: LOW
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_software_development_kit | 12 |
| fedoraproject | fedora | 23 |
| suse | linux_enterprise_server | 12 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| suse | linux_enterprise_desktop | 11 |
| canonical | ubuntu_linux | 15.10 |
| suse | suse_linux_enterprise_server | 12 |
| suse | linux_enterprise_software_development_kit | 11 |
| suse | linux_enterprise_debuginfo | 11 |
| gnu | glibc | * |
| opensuse | opensuse | 13.2 |
| suse | linux_enterprise_server | 11 |
| debian | debian_linux | 8.0 |
| suse | linux_enterprise_desktop | 12 |
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_software_development_kit | 12 |
| fedoraproject | fedora | 23 |
| suse | linux_enterprise_server | 12 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| suse | linux_enterprise_desktop | 11 |
| canonical | ubuntu_linux | 15.10 |
| suse | suse_linux_enterprise_server | 12 |
| suse | linux_enterprise_software_development_kit | 11 |
| suse | linux_enterprise_debuginfo | 11 |
| gnu | glibc | * |
| opensuse | opensuse | 13.2 |
| suse | linux_enterprise_server | 11 |
| debian | debian_linux | 8.0 |
| suse | linux_enterprise_desktop | 12 |
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| gnu | libidn | * |
| opensuse | opensuse | 13.2 |
| canonical | ubuntu_linux | 14.04 |
| opensuse | leap | 42.1 |
| canonical | ubuntu_linux | 12.04 |
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | chess | * |
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-19,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | bash | 4.3 |
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | osip | 4.1.0 |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | osip | 4.1.0 |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | osip | 4.1.0 |
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | patch | * |
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.0 |
| gnu | glibc | * |
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 23 |
| opensuse | opensuse | 13.2 |
| opensuse | leap | 42.1 |
| gnu | glibc | * |
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cpio | 2.11 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libiberty | * |
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | coreutils | * |
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 23 |
| opensuse | opensuse | 13.2 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 15.10 |
| gnu | glibc | * |
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| gnu | glibc | * |
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 23 |
| canonical | ubuntu_linux | 16.04 |
| fedoraproject | fedora | 24 |
| opensuse | opensuse | 13.2 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| fedoraproject | fedora | 22 |
| canonical | ubuntu_linux | 15.10 |
| gnu | libtasn1 | * |
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| opensuse | opensuse | 13.2 |
| canonical | ubuntu_linux | 14.04 |
| opensuse | leap | 42.1 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 18.04 |
| gnu | glibc | * |
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.4.12 |
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libiberty | * |
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libiberty | * |
Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libiberty | * |
Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libiberty | * |
The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libiberty | * |
Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libiberty | * |
The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libiberty | * |
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | solaris | 11.3 |
| canonical | ubuntu_linux | 16.04 |
| gnu | wget | * |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| oracle | solaris | 10 |
| canonical | ubuntu_linux | 15.10 |
| paloaltonetworks | pan-os | * |
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libssp | - |
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libiberty | - |
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| gnu | libidn | * |
| canonical | ubuntu_linux | 14.04 |
| opensuse | leap | 42.1 |
| canonical | ubuntu_linux | 12.04 |
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| gnu | libidn | * |
| opensuse | opensuse | 13.2 |
| canonical | ubuntu_linux | 14.04 |
| opensuse | leap | 42.1 |
| canonical | ubuntu_linux | 12.04 |
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libidn | * |
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | 1.15.91 |
| gnu | tar | 1.16 |
| gnu | tar | 1.29 |
| gnu | tar | 1.24 |
| gnu | tar | 1.16.1 |
| gnu | tar | 1.22 |
| gnu | tar | 1.19 |
| gnu | tar | 1.23 |
| gnu | tar | 1.21 |
| gnu | tar | 1.25 |
| gnu | tar | 1.28 |
| gnu | tar | 1.15.90 |
| gnu | tar | 1.14 |
| gnu | tar | 1.17 |
| gnu | tar | 1.27.1 |
| gnu | tar | 1.15.1 |
| gnu | tar | 1.18 |
| gnu | tar | 1.26 |
| gnu | tar | 1.27 |
| gnu | tar | 1.20 |
| gnu | tar | 1.15 |
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 23 |
| fedoraproject | fedora | 24 |
| opensuse | opensuse | 13.2 |
| fedoraproject | fedora | 25 |
| gnu | glibc | * |
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | 2.1.5 |
| gnu | mailman | 2.1.10b3 |
| gnu | mailman | 2.1.19 |
| gnu | mailman | 2.1.11 |
| gnu | mailman | 2.1.18 |
| gnu | mailman | 2.1.2 |
| gnu | mailman | 2.1.8 |
| gnu | mailman | 2.1.6 |
| gnu | mailman | 2.1.10 |
| gnu | mailman | 2.1.23 |
| gnu | mailman | 2.1.17 |
| gnu | mailman | 2.1.22 |
| gnu | mailman | 2.1.16 |
| gnu | mailman | 2.1.10b1 |
| gnu | mailman | 2.1.15 |
| gnu | mailman | 2.1 |
| gnu | mailman | 2.1.18-1 |
| gnu | mailman | 2.1.14 |
| gnu | mailman | 2.1.4 |
| gnu | mailman | 2.1.12 |
| gnu | mailman | 2.1.13 |
| gnu | mailman | 2.1.10b4 |
| gnu | mailman | 2.1.9 |
| gnu | mailman | 2.1.3 |
| gnu | mailman | 2.1.1 |
| gnu | mailman | 2.1.14-1 |
| gnu | mailman | 2.1.21 |
| gnu | mailman | 2.1.20 |
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | * |
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | * |
| gnu | gnutls | 3.5.1 |
| gnu | gnutls | 3.5.3 |
| gnu | gnutls | 3.5.0 |
| gnu | gnutls | 3.5.2 |
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 23 |
| fedoraproject | fedora | 24 |
| gnu | bash | * |
| fedoraproject | fedora | 25 |
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-275,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 23 |
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 25 |
| gnu | guile | * |
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 23 |
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 25 |
| gnu | guile | 2.0.12 |
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| gnu | bash | * |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_aus | 7.7 |
| gnu | bash | 4.4 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_eus | 7.5 |
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,CWE-1335,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.7.0 |
| redhat | enterprise_linux_eus | 7.5 |
| canonical | ubuntu_linux | 16.04 |
| apple | tvos | * |
| redhat | enterprise_linux_server | 6.0 |
| apple | iphone_os | * |
| opensuse | leap | 42.1 |
| oracle | jre | 1.8.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 18.04 |
| oracle | jre | 1.7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| opensuse | leap | 42.2 |
| oracle | jdk | 1.6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | zlib | * |
| redhat | enterprise_linux_desktop | 6.0 |
| oracle | jre | 1.6.0 |
| redhat | enterprise_linux_eus | 7.4 |
| oracle | mysql | * |
| opensuse | opensuse | 13.2 |
| nodejs | node.js | * |
| oracle | jdk | 1.8.0 |
| apple | mac_os_x | * |
| debian | debian_linux | 8.0 |
| oracle | database_server | 18c |
| apple | watchos | * |
| redhat | satellite | 5.8 |
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_tus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.4 |
| mcafee | web_gateway | * |
| redhat | enterprise_linux_server | 6.0 |
| gnu | glibc | * |
| redhat | enterprise_linux_server_aus | 6.6 |
| redhat | enterprise_linux_server_tus | 6.6 |
| redhat | enterprise_linux_server | 6.6 |
| redhat | enterprise_linux_server_long_life | 5.9 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| novell | suse_linux_enterprise_desktop | 12.0 |
| opensuse | leap | 42.2 |
| suse | linux_enterprise_for_sap | 12 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| suse | linux_enterprise_server | 10 |
| redhat | enterprise_linux_server_eus | 6.2 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_tus | 7.3 |
| suse | linux_enterprise_software_development_kit | 11.0 |
| suse | linux_enterprise_server | 12 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_aus | 6.2 |
| redhat | enterprise_linux_server_eus | 7.2 |
| novell | suse_linux_enterprise_point_of_sale | 11.0 |
| redhat | enterprise_linux_server_aus | 5.9 |
| redhat | enterprise_linux_server_aus | 7.3 |
| openstack | cloud_magnum_orchestration | 7 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_server_tus | 6.5 |
| suse | linux_enterprise_server | 11 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server_eus | 6.7 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux | 5 |
| redhat | enterprise_linux_server_eus | 6.5 |
| suse | linux_enterprise_server_for_raspberry_pi | 12 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_aus | 6.4 |
| novell | suse_linux_enterprise_server | 11.0 |
| suse | linux_enterprise_software_development_kit | 12.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| debian | debian_linux | 8.0 |
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | * |
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.1.1 |
A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.5 |
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix.
CVSS 2.0
Severity: LOW
Problem Type: CWE-346,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | guixsd | * |
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libtasn1 | * |
There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | 0.10.5-pre2 |
There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | 0.10.5-pre2 |
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
CVSS 2.0
Severity: LOW
Problem Type: CWE-338,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gcc | 5.4 |
| gnu | gcc | 4.9 |
| gnu | gcc | 5.1 |
| gnu | gcc | 6.1 |
| gnu | gcc | 4.7 |
| gnu | gcc | 6.3 |
| gnu | gcc | 4.8 |
| gnu | gcc | 6.2 |
| gnu | gcc | 5.0 |
| gnu | gcc | 5.2 |
| gnu | gcc | 6.0 |
| gnu | gcc | 5.3 |
| gnu | gcc | 4.6 |
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| gnu | cvs | 1.12.3 |
| canonical | ubuntu_linux | 14.04 |
| gnu | cvs | 1.12.10 |
| gnu | cvs | 1.12.7 |
| gnu | cvs | 1.12.11 |
| gnu | cvs | 1.12.9 |
| gnu | cvs | 1.12.12 |
| gnu | cvs | 1.12.1 |
| gnu | cvs | 1.12.6 |
| gnu | cvs | 1.12.5 |
| debian | debian_linux | 8.0 |
| gnu | cvs | 1.12.13 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 17.04 |
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | 0.11.0 |
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | 0.11.0 |
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | 0.11.0 |
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | 0.11.0 |
The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-121,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-122,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libidn2 | * |
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libidn2 | * |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | * |
| debian | debian_linux | 8.0 |
The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-131,CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | 1.4 |
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | 1.4 |
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | 1.4 |
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | 1.4 |
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | 1.4 |
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | 1.4 |
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29 |
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.0 |
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.20 |
| gnu | glibc | 2.23 |
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | glibc | 2.21 |
| redhat | enterprise_linux_server | 7.0 |
| gnu | glibc | 2.25 |
| gnu | glibc | 2.26 |
| gnu | glibc | 2.22 |
| redhat | enterprise_linux_workstation | 7.0 |
| gnu | glibc | 2.19 |
elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.26 |
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | 1.6 |
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | global | 4.8.6 |
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
CVSS 2.0
Severity: LOW
Problem Type: CWE-362,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | coreutils | * |
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libcdio | * |
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libcdio | * |
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libcdio | * |
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.5.4 |
| opensuse | leap | 42.2 |
| gnu | gnutls | 3.5.5 |
| gnu | gnutls | 3.5.7 |
| opensuse | leap | 42.1 |
| gnu | gnutls | * |
| gnu | gnutls | 3.5.1 |
| gnu | gnutls | 3.5.6 |
| gnu | gnutls | 3.5.3 |
| gnu | gnutls | 3.5.0 |
| gnu | gnutls | 3.5.2 |
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.5.4 |
| opensuse | leap | 42.2 |
| gnu | gnutls | 3.5.5 |
| gnu | gnutls | 3.5.7 |
| opensuse | leap | 42.1 |
| gnu | gnutls | * |
| gnu | gnutls | 3.5.1 |
| gnu | gnutls | 3.5.6 |
| gnu | gnutls | 3.5.3 |
| gnu | gnutls | 3.5.0 |
| gnu | gnutls | 3.5.2 |
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.5.4 |
| opensuse | leap | 42.2 |
| gnu | gnutls | 3.5.5 |
| gnu | gnutls | 3.5.7 |
| opensuse | leap | 42.1 |
| gnu | gnutls | * |
| gnu | gnutls | 3.5.1 |
| gnu | gnutls | 3.5.6 |
| gnu | gnutls | 3.5.3 |
| gnu | gnutls | 3.5.0 |
| gnu | gnutls | 3.5.2 |
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | 3.5.4 |
| opensuse | leap | 42.2 |
| gnu | gnutls | 3.5.5 |
| gnu | gnutls | 3.5.7 |
| opensuse | leap | 42.1 |
| gnu | gnutls | * |
| gnu | gnutls | 3.5.1 |
| gnu | gnutls | 3.5.6 |
| gnu | gnutls | 3.5.3 |
| gnu | gnutls | 3.5.0 |
| gnu | gnutls | 3.5.2 |
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 25 |
| gnu | ed | * |
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | screen | * |
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | bash | 4.4 |
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-93,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | * |
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| apache | bookkeeper | 4.12.1 |
| gnu | libtasn1 | 4.10 |
readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | * |
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | osip | 5.0.0 |
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | * |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.25 |
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-704,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| opensuse | leap | 15.1 |
| gnu | adns | * |
| fedoraproject | fedora | 31 |
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| opensuse | leap | 15.1 |
| gnu | adns | * |
| fedoraproject | fedora | 31 |
An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| gnu | adns | * |
| fedoraproject | fedora | 31 |
An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| gnu | adns | * |
| fedoraproject | fedora | 31 |
An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| gnu | adns | * |
| fedoraproject | fedora | 31 |
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| opensuse | leap | 15.1 |
| gnu | adns | * |
| fedoraproject | fedora | 31 |
An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| opensuse | leap | 15.1 |
| gnu | adns | * |
| fedoraproject | fedora | 31 |
The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gdb | * |
The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.28 |
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 17.10 |
| gnu | wget | * |
| redhat | enterprise_linux_server | 7.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_workstation | 7.0 |
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| gnu | mailman | * |
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | virtualization_host | 4.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | glibc | * |
| canonical | ubuntu_linux | 17.10 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | sharutils | 4.15.2 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_tus | 7.3 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_server_tus | 7.2 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server | 6.0 |
| debian | debian_linux | 7.0 |
| gnu | patch | 2.7.6 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 6.6 |
| redhat | enterprise_linux_server_tus | 6.6 |
| canonical | ubuntu_linux | 17.10 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_eus | 6.7 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_aus | 6.4 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server_eus | 7.5 |
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libtasn1 | 4.12 |
| gnu | libtasn1 | 4.13 |
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 18.04 |
| gnu | binutils | * |
| redhat | enterprise_linux_workstation | 7.0 |
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | binutils | 2.30 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | binutils | 2.30 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | binutils | 2.30 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | binutils | 2.30 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-385,CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 16.04 |
| gnu | gnutls | * |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 19.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| fedoraproject | fedora | 31 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 18.10 |
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-385,CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 16.04 |
| gnu | gnutls | * |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 19.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| fedoraproject | fedora | 31 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 18.10 |
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.6 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | 1.1 | 4.0 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-385,CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 16.04 |
| gnu | gnutls | * |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 19.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| fedoraproject | fedora | 31 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 18.10 |
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | virtualization_host | 4.0 |
| oracle | enterprise_communications_broker | 3.0.0 |
| oracle | communications_session_border_controller | 8.1.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| oracle | communications_session_border_controller | 8.2.0 |
| gnu | glibc | * |
| oracle | communications_session_border_controller | 8.0.0 |
| netapp | data_ontap_edge | - |
| redhat | enterprise_linux_server | 7.0 |
| netapp | element_software_management | - |
| oracle | enterprise_communications_broker | 3.1.0 |
| redhat | enterprise_linux_workstation | 7.0 |
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | virtualization_host | 4.0 |
| oracle | enterprise_communications_broker | 3.0.0 |
| canonical | ubuntu_linux | 16.04 |
| oracle | communications_session_border_controller | 8.1.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| oracle | communications_session_border_controller | 8.2.0 |
| gnu | glibc | * |
| oracle | communications_session_border_controller | 8.0.0 |
| canonical | ubuntu_linux | 19.10 |
| netapp | data_ontap_edge | - |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 18.04 |
| netapp | element_software_management | - |
| oracle | enterprise_communications_broker | 3.1.0 |
| redhat | enterprise_linux_workstation | 7.0 |
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.30 |
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.30 |
| canonical | ubuntu_linux | 16.04.4 |
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.30 |
| canonical | ubuntu_linux | 16.04.4 |
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.30 |
| canonical | ubuntu_linux | 16.04.4 |
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-209,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gcc | * |
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.30 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | binutils | 2.30 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | openshift_container_platform | 3.11 |
| redhat | enterprise_linux_workstation | 7.0 |
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
CVSS 2.0
Severity: LOW
Problem Type: CWE-203,CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | * |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31.1 |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31.1 |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31.1 |
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31 |
The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnulib | * |
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31 |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31 |
The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31 |
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31 |
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| netapp | data_ontap | - |
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| netapp | data_ontap | - |
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| netapp | data_ontap | - |
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31 |
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31 |
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux | 7.0 |
| canonical | ubuntu_linux | 18.04 |
| gnu | gettext | 0.19.8 |
| canonical | ubuntu_linux | 18.10 |
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.1 |
In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.1 |
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-404,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 29 |
| fedoraproject | fedora | 28 |
| gnu | glibc | * |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | vasa_provider | * |
| canonical | ubuntu_linux | 18.04 |
| gnu | binutils | * |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | vasa_provider | * |
| gnu | binutils | * |
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | vasa_provider | * |
| gnu | binutils | 2.31 |
| f5 | traffix_signaling_delivery_controller | * |
| f5 | traffix_signaling_delivery_controller | 4.4.0 |
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | 1.2.0 |
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libextractor | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.0 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| gnu | tar | * |
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | * |
In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31.1 |
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31.1 |
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31.1 |
| f5 | traffix_signaling_delivery_controller | * |
| f5 | traffix_signaling_delivery_controller | 4.4.0 |
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31.1 |
A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31.1 |
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | steelstore_cloud_integrated_storage | - |
| gnu | glibc | * |
| netapp | cloud_backup | * |
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | patch | * |
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server | 6.0 |
| debian | debian_linux | 7.0 |
| redhat | enterprise_linux_server_eus | 7.4 |
| gnu | mailman | * |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_tus | 7.4 |
| canonical | ubuntu_linux | 17.10 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_eus | 7.5 |
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 27 |
| fedoraproject | fedora | 26 |
| gnu | libtasn1 | * |
| debian | debian_linux | 9.0 |
The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.29.1 |
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | virtualization_host | 4.0 |
| oracle | enterprise_communications_broker | 3.0.0 |
| oracle | communications_session_border_controller | 8.1.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| netapp | virtual_storage_console | * |
| oracle | communications_session_border_controller | 8.2.0 |
| gnu | glibc | * |
| oracle | communications_session_border_controller | 8.0.0 |
| netapp | virtual_storage_console | - |
| netapp | cloud_backup | - |
| netapp | vasa_provider | * |
| netapp | storage_replication_adapter | * |
| netapp | data_ontap_edge | - |
| netapp | element_software | - |
| redhat | enterprise_linux_server | 7.0 |
| netapp | element_software_management | - |
| netapp | vasa_provider | 6.x |
| oracle | enterprise_communications_broker | 3.1.0 |
| netapp | steelstore_cloud_integrated_storage | - |
| redhat | enterprise_linux_workstation | 7.0 |
In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.30 |
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.30 |
The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.30 |
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| gnu | patch | * |
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | patch | * |
In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | binutils | 2.30 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | binutils | 2.30 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-191,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | binutils | 2.30 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.30 |
The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | binutils | 2.30 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | binutils | 2.30 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| gnu | binutils | 2.30 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.30 |
| gnu | binutils | 2.29 |
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.30 |
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | - |
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | - |
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | - |
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | - |
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.0 |
| gnu | gdb | * |
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-681,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | hci_management_node | - |
| gnu | binutils_gold | * |
| gnu | binutils | * |
| netapp | solidfire | - |
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8 |
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8 |
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8 |
An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8 |
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libidn2 | * |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| gnu | binutils | 2.32 |
| canonical | ubuntu_linux | 18.04 |
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | patch | * |
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| gnu | patch | 2.7.6 |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.2 |
| gnu | binutils | 2.32 |
| opensuse | leap | 15.0 |
| canonical | ubuntu_linux | 18.04 |
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | hci_management_node | - |
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| gnu | binutils | 2.32 |
| canonical | ubuntu_linux | 18.04 |
| netapp | solidfire | - |
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-267,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | - |
In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| gnu | cpio | * |
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 29 |
| gnu | libextractor | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| fedoraproject | fedora | 30 |
| fedoraproject | fedora | 31 |
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | chess | 6.2.5 |
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-331,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | gcc | * |
| opensuse | leap | 15.0 |
GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cflow | * |
GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cflow | * |
GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-681,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | serveez | * |
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| gnu | binutils | 2.32 |
| canonical | ubuntu_linux | 18.04 |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| gnu | binutils | 2.32 |
| canonical | ubuntu_linux | 18.04 |
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 18.04 |
| gnu | aspell | * |
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.0 |
| gnu | ncurses | * |
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L | 2.8 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.0 |
| gnu | ncurses | * |
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | guix | 1.0.1 |
idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libidn2 | * |
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-273,CWE-273,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | hci_management_node | - |
| netapp | oncommand_unified_manager | * |
| gnu | bash | * |
| oracle | communications_cloud_native_core_policy | 1.14.0 |
| gnu | bash | 5.0 |
| netapp | solidfire | - |
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | fribidi | * |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailutils | * |
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-665,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 19.10 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 18.04 |
| fedoraproject | fedora | 30 |
| fedoraproject | fedora | 31 |
| gnu | glibc | * |
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | * |
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | 0.9.2 |
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | 0.9.2 |
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | 0.9.2 |
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | * |
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | * |
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | 0.9.2 |
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | aspell | * |
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | patch | * |
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| fedoraproject | fedora | 33 |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | service_processor | - |
| netapp | a250_firmware | - |
| debian | debian_linux | 10.0 |
| broadcom | fabric_operating_system | - |
| gnu | glibc | * |
| netapp | 500f_firmware | - |
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | aspell | 0.60.8 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 34 |
| debian | debian_linux | 9.0 |
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| meissner@suse.de | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.5 | 5.2 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-59,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | gnump3d | * |
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,CWE-415,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | * |
| fedoraproject | fedora | - |
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-456,CWE-824,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnutls | * |
| opensuse | leap | 15.0 |
| fedoraproject | fedora | 28 |
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | * |
An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8 |
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8 |
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8 |
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8 |
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8 |
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8 |
The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-404,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| gnu | binutils | 2.32 |
| f5 | traffix_signaling_delivery_controller | * |
| canonical | ubuntu_linux | 18.04 |
| netapp | element_software_management | * |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | hci_management_node | - |
| gnu | binutils | 2.32 |
| canonical | ubuntu_linux | 18.04 |
| netapp | solidfire | - |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | hci_management_node | - |
| gnu | binutils | 2.32 |
| netapp | solidfire | - |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | hci_management_node | - |
| gnu | binutils | 2.32 |
| canonical | ubuntu_linux | 18.04 |
| netapp | solidfire | - |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | hci_management_node | - |
| gnu | binutils | 2.32 |
| canonical | ubuntu_linux | 18.04 |
| netapp | solidfire | - |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_local_traffic_manager | 14.1.0 |
| f5 | big-ip_global_traffic_manager | 15.0.0 |
| f5 | big-ip_link_controller | 14.1.0 |
| f5 | big-ip_edge_gateway | 15.0.0 |
| f5 | big-ip_analytics | 15.0.0 |
| netapp | hci_management_node | - |
| f5 | big-ip_application_acceleration_manager | 14.1.0 |
| f5 | big-ip_edge_gateway | 14.1.0 |
| f5 | big-ip_webaccelerator | 15.0.0 |
| f5 | big-ip_application_acceleration_manager | 15.0.0 |
| f5 | big-ip_policy_enforcement_manager | 14.1.0 |
| f5 | big-ip_fraud_protection_service | 15.0.0 |
| canonical | ubuntu_linux | 18.04 |
| f5 | big-ip_advanced_firewall_manager | 15.0.0 |
| f5 | big-ip_global_traffic_manager | 14.1.0 |
| f5 | big-ip_access_policy_manager | 15.0.0 |
| f5 | big-ip_link_controller | 15.0.0 |
| f5 | big-ip_access_policy_manager | 14.1.0 |
| f5 | big-ip_fraud_protection_service | 14.1.0 |
| f5 | big-ip_application_security_manager | 15.0.0 |
| f5 | big-ip_advanced_firewall_manager | 14.1.0 |
| f5 | big-ip_policy_webaccelerator | 14.1.0 |
| f5 | big-ip_domain_name_system | 14.1.0 |
| f5 | big-ip_domain_name_system | 15.0.0 |
| gnu | binutils | 2.32 |
| f5 | big-ip_local_traffic_manager | 15.0.0 |
| f5 | big-ip_analytics | 14.1.0 |
| f5 | big-ip_application_security_manager | 14.1.0 |
| f5 | big-ip_policy_enforcement_manager | 15.0.0 |
| netapp | solidfire | - |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.32 |
| netapp | element_software_management | * |
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.32 |
| f5 | traffix_signaling_delivery_controller | * |
| netapp | element_software | - |
| canonical | ubuntu_linux | 18.04 |
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 19.10 |
| netapp | ontap_select_deploy_administration_utility | - |
| mcafee | web_gateway | * |
| canonical | ubuntu_linux | 18.04 |
| netapp | steelstore_cloud_integrated_storage | - |
| gnu | glibc | * |
| netapp | cloud_backup | * |
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 29 |
| suse | backports | - |
| gnu | pspp | 1.2.0 |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | libredwg | 0.7 |
| gnu | libredwg | 0.7.1645 |
| opensuse | backports_sle | 15.0 |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | libredwg | 0.7 |
| gnu | libredwg | 0.7.1645 |
| opensuse | backports_sle | 15.0 |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | libredwg | 0.7 |
| gnu | libredwg | 0.7.1645 |
| opensuse | backports_sle | 15.0 |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | libredwg | 0.7 |
| gnu | libredwg | 0.7.1645 |
| opensuse | backports_sle | 15.0 |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | libredwg | 0.7 |
| gnu | libredwg | 0.7.1645 |
| opensuse | backports_sle | 15.0 |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | libredwg | 0.7 |
| gnu | libredwg | 0.7.1645 |
| opensuse | backports_sle | 15.0 |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | libredwg | 0.7 |
| gnu | libredwg | 0.7.1645 |
| opensuse | backports_sle | 15.0 |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | libredwg | 0.7 |
| gnu | libredwg | 0.7.1645 |
| opensuse | backports_sle | 15.0 |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | libredwg | 0.7 |
| gnu | libredwg | 0.7.1645 |
| opensuse | backports_sle | 15.0 |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| gnu | libredwg | 0.7 |
| gnu | libredwg | 0.7.1645 |
| opensuse | backports_sle | 15.0 |
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.0 |
| gnu | tar | * |
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | hci_management_node | - |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| gnu | bash | 4.4 |
| canonical | ubuntu_linux | 12.04 |
| opensuse | leap | 42.3 |
| gnu | bash | * |
| debian | debian_linux | 8.0 |
| netapp | solidfire | - |
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 16.04 |
| netapp | h410c_firmware | - |
| debian | debian_linux | 10.0 |
| netapp | active_iq_unified_manager | - |
| fedoraproject | fedora | 30 |
| fedoraproject | fedora | 31 |
| gnu | glibc | * |
| netapp | cloud_backup | - |
| netapp | hci_management_node | - |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 18.04 |
| netapp | steelstore_cloud_integrated_storage | - |
| netapp | solidfire | - |
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| vmware | photon_os | * |
| opensuse | leap | 15.2 |
| debian | debian_linux | 10.0 |
| gnu | grub2 | * |
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.2 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.10 |
| gnu | gnutls | * |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 31 |
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.2 |
| debian | debian_linux | 10.0 |
| opensuse | backports_sle | 15.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| gnu | mailman | * |
| fedoraproject | fedora | 31 |
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.2 |
| debian | debian_linux | 10.0 |
| opensuse | backports_sle | 15.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| gnu | mailman | * |
| fedoraproject | fedora | 31 |
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.2 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 19.10 |
| gnu | gnutls | * |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 20.04 |
| fedoraproject | fedora | 31 |
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | bison | * |
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| gnu | grub2 | * |
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| gnu | grub2 | * |
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 0.8 | 5.2 |
| secalert@redhat.com | 5.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H | 0.5 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-122,CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_eus | 8.2 |
| opensuse | leap | 15.2 |
| redhat | enterprise_linux | 7.0 |
| canonical | ubuntu_linux | 20.04 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_eus | 8.1 |
| gnu | grub2 | * |
| redhat | enterprise_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| redhat | enterprise_linux_server_aus | 8.2 |
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 0.8 | 5.2 |
| secalert@redhat.com | 5.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H | 0.5 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-122,CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_eus | 8.2 |
| opensuse | leap | 15.2 |
| redhat | enterprise_linux | 7.0 |
| canonical | ubuntu_linux | 20.04 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_eus | 8.1 |
| gnu | grub2 | * |
| redhat | enterprise_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| redhat | enterprise_linux_server_aus | 8.2 |
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 0.8 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-184,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| netapp | ontap_select_deploy_administration_utility | - |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 34 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 7.7 |
| gnu | grub2 | * |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.4 |
| netapp | cloud_backup | - |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_eus | 8.1 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 8.2 |
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| gnu | mailman | * |
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
| security@ubuntu.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-347,CWE-347,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 16.04 |
| microsoft | windows_10 | 1803 |
| microsoft | windows_10 | 1809 |
| canonical | ubuntu_linux | 14.04 |
| opensuse | leap | 15.2 |
| debian | debian_linux | 10.0 |
| suse | suse_linux_enterprise_server | 12 |
| microsoft | windows_server_2012 | r2 |
| microsoft | windows_server_2016 | 1909 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_atomic_host | - |
| suse | suse_linux_enterprise_server | 15 |
| suse | suse_linux_enterprise_server | 11 |
| microsoft | windows_10 | 2004 |
| canonical | ubuntu_linux | 18.04 |
| microsoft | windows_rt_8.1 | - |
| microsoft | windows_10 | 1709 |
| redhat | enterprise_linux | 7.0 |
| canonical | ubuntu_linux | 20.04 |
| gnu | grub2 | * |
| microsoft | windows_server_2012 | - |
| microsoft | windows_server_2016 | 2004 |
| microsoft | windows_10 | 1903 |
| microsoft | windows_10 | 1607 |
| microsoft | windows_10 | 1909 |
| microsoft | windows_server_2019 | - |
| microsoft | windows_server_2016 | - |
| microsoft | windows_10 | - |
| microsoft | windows_server_2016 | 1903 |
| microsoft | windows_8.1 | - |
| redhat | openshift_container_platform | 4.0 |
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,CWE-362,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 16.04 |
| microsoft | windows_10 | 1803 |
| microsoft | windows_10 | 1809 |
| canonical | ubuntu_linux | 14.04 |
| opensuse | leap | 15.2 |
| debian | debian_linux | 10.0 |
| suse | suse_linux_enterprise_server | 12 |
| microsoft | windows_server_2012 | r2 |
| microsoft | windows_server_2016 | 1909 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_atomic_host | - |
| suse | suse_linux_enterprise_server | 15 |
| suse | suse_linux_enterprise_server | 11 |
| microsoft | windows_10 | 2004 |
| canonical | ubuntu_linux | 18.04 |
| microsoft | windows_rt_8.1 | - |
| microsoft | windows_10 | 1709 |
| redhat | enterprise_linux | 7.0 |
| canonical | ubuntu_linux | 20.04 |
| gnu | grub2 | * |
| microsoft | windows_server_2012 | - |
| microsoft | windows_server_2016 | 2004 |
| microsoft | windows_10 | 1903 |
| microsoft | windows_10 | 1607 |
| microsoft | windows_10 | 1909 |
| microsoft | windows_server_2019 | - |
| microsoft | windows_server_2016 | - |
| microsoft | windows_10 | - |
| microsoft | windows_server_2016 | 1903 |
| microsoft | windows_8.1 | - |
| redhat | openshift_container_platform | 4.0 |
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@ubuntu.com | 5.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H | 0.5 | 5.2 |
| nvd@nist.gov | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,CWE-190,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 16.04 |
| microsoft | windows_10 | 1803 |
| microsoft | windows_10 | 1809 |
| canonical | ubuntu_linux | 14.04 |
| opensuse | leap | 15.2 |
| debian | debian_linux | 10.0 |
| suse | suse_linux_enterprise_server | 12 |
| microsoft | windows_server_2012 | r2 |
| microsoft | windows_server_2016 | 1909 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_atomic_host | - |
| suse | suse_linux_enterprise_server | 15 |
| suse | suse_linux_enterprise_server | 11 |
| microsoft | windows_10 | 2004 |
| canonical | ubuntu_linux | 18.04 |
| microsoft | windows_rt_8.1 | - |
| netapp | active_iq_unified_manager | * |
| microsoft | windows_10 | 1709 |
| redhat | enterprise_linux | 7.0 |
| canonical | ubuntu_linux | 20.04 |
| gnu | grub2 | * |
| microsoft | windows_server_2012 | - |
| microsoft | windows_server_2016 | 2004 |
| microsoft | windows_10 | 1903 |
| microsoft | windows_10 | 1607 |
| microsoft | windows_10 | 1909 |
| microsoft | windows_server_2019 | - |
| microsoft | windows_server_2016 | - |
| microsoft | windows_10 | - |
| microsoft | windows_server_2016 | 1903 |
| microsoft | windows_8.1 | - |
| redhat | openshift_container_platform | 4.0 |
GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | ontap_select_deploy_administration_utility | - |
| gnu | binutils | 2.35 |
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | ontap_select_deploy_administration_utility | - |
| gnu | binutils | 2.35 |
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| fedoraproject | fedora | 33 |
| netapp | ontap_select_deploy_administration_utility | - |
| gnu | binutils | 2.34 |
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_&_hci_management_node | - |
| netapp | ontap_select_deploy_administration_utility | - |
| gnu | binutils | 2.35 |
| netapp | cloud_backup | - |
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | hci_management_node | - |
| netapp | ontap_select_deploy_administration_utility | - |
| gnu | binutils | 2.35 |
| netapp | solidfire | - |
| netapp | cloud_backup | - |
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 19.10 |
| redhat | enterprise_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| gnu | glibc | * |
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
| secalert@redhat.com | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | hci_management_node | - |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 19.10 |
| netapp | active_iq_unified_manager | * |
| netapp | h410c_firmware | - |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 18.04 |
| netapp | steelstore_cloud_integrated_storage | - |
| gnu | glibc | * |
| netapp | solidfire | - |
A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gama | 2.04 |
Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.1 |
| netapp | active_iq_unified_manager | - |
Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.1 |
| netapp | active_iq_unified_manager | - |
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.1 |
| netapp | active_iq_unified_manager | - |
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.1 |
| netapp | active_iq_unified_manager | - |
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.1 |
| debian | debian_linux | 10.0 |
| netapp | active_iq_unified_manager | - |
Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | 6.1 |
| netapp | active_iq_unified_manager | - |
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.36 |
An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10.2641 |
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10.2641 |
A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10.2641 |
A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10.2641 |
A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service (application crash).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10.2641 |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10.2641 |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10.2641 |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10 |
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| fedoraproject | fedora | 34 |
| gnu | cflow | 1.6 |
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.10.1 |
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | bison | 3.7 |
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| opensuse | leap | 15.1 |
| fedoraproject | fedora | 33 |
| gnu | gnutls | * |
| opensuse | leap | 15.2 |
| canonical | ubuntu_linux | 20.04 |
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| netapp | ontap_select_deploy_administration_utility | - |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 34 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 7.7 |
| gnu | grub2 | * |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_eus | 8.1 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 8.2 |
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.6 | HIGH | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 0.9 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| netapp | ontap_select_deploy_administration_utility | - |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 34 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 7.7 |
| gnu | grub2 | * |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_eus | 8.1 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 8.2 |
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-835,CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h500s_firmware | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | h410c_firmware | - |
| netapp | a250_firmware | - |
| debian | debian_linux | 10.0 |
| netapp | h700e_firmware | - |
| gnu | glibc | * |
| netapp | h300s_firmware | - |
| netapp | h410s_firmware | - |
| oracle | communications_cloud_native_core_service_communication_proxy | 1.14.0 |
| netapp | h700s_firmware | - |
| netapp | h500e_firmware | - |
| netapp | h300e_firmware | - |
| netapp | 500f_firmware | - |
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-121,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| netapp | ontap_select_deploy_administration_utility | - |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 34 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 7.7 |
| gnu | grub2 | * |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_eus | 8.1 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 8.2 |
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 0.8 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-285,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| netapp | ontap_select_deploy_administration_utility | - |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 34 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 7.7 |
| gnu | grub2 | * |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_eus | 8.1 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 8.2 |
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-617,CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| netapp | e-series_santricity_os_controller | * |
| gnu | glibc | * |
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_baseboard_management_controller | - |
| redhat | enterprise_linux | 7.0 |
| gnu | glibc | * |
| netapp | cloud_backup | - |
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnu_scientific_library | 2.6 |
| debian | debian_linux | 10.0 |
| gnu | gnu_scientific_library | 2.5 |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | ontap_select_deploy_administration_utility | - |
| gnu | binutils | 2.35.1 |
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | solidfire_&_hci_management_node | - |
| netapp | hci_compute_node_firmware | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | 1.8 | 4.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-908,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | solidfire_&_hci_management_node | - |
| netapp | hci_compute_node_firmware | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | solidfire_&_hci_management_node | - |
| netapp | hci_compute_node_firmware | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | solidfire_&_hci_management_node | - |
| netapp | hci_compute_node_firmware | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_&_hci_management_node | - |
| netapp | hci_compute_node_firmware | - |
| redhat | enterprise_linux | 8.0 |
| netapp | ontap_select_deploy_administration_utility | - |
| broadcom | brocade_fabric_operating_system | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-195,CWE-191,CWE-681,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 31 |
| gnu | glibc | * |
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | 0.9.3.2564 |
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports | sle-15 |
| gnu | libredwg | 0.9.3.2564 |
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | 0.9.3.2564 |
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | 0.9.3.2564 |
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | 0.9.3.2564 |
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | 0.9.3.2564 |
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnu | libredwg | 0.9.3.2564 |
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | screen | * |
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,CWE-125,CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | * |
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.0 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,CWE-59,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | solidfire_&_hci_management_node | - |
| redhat | enterprise_linux | 8.0 |
| netapp | ontap_select_deploy_administration_utility | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| netapp | ontap_select_deploy_administration_utility | - |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 34 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 7.7 |
| gnu | grub2 | * |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_eus | 8.1 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 8.2 |
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | e-series_performance_analyzer | - |
| redhat | enterprise_linux | 8.0 |
| gnu | gnutls | * |
| netapp | active_iq_unified_manager | - |
| fedoraproject | fedora | 34 |
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| gnu | gnutls | * |
| fedoraproject | fedora | 34 |
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| netapp | ontap_select_deploy_administration_utility | - |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 34 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 7.7 |
| gnu | grub2 | * |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_eus | 8.1 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 8.2 |
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | ontap_select_deploy_administration_utility | - |
| gnu | binutils | 2.35.1 |
| netapp | cloud_backup | - |
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-88,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| fedoraproject | fedora | 33 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 9.0 |
| gnu | screen | * |
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 2.5 | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.0 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-415,CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 34 |
| gnu | glibc | * |
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | guix | * |
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.12.3 |
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.12.3 |
An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | punbb | * |
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| fedoraproject | fedora | 33 |
| gnu | chess | 6.2.7 |
| fedoraproject | fedora | 34 |
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_fabric_operating_system_firmware | - |
| gnu | wget | * |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | a250_firmware | - |
| netapp | 500f_firmware | - |
| netapp | cloud_backup | - |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.36 |
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | e-series_santricity_os_controller | * |
| netapp | ontap_select_deploy_administration_utility | - |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.5.0 |
| fujitsu | m12-2_firmware | * |
| fujitsu | m10-4s_firmware | * |
| debian | debian_linux | 10.0 |
| fujitsu | m12-1_firmware | * |
| fujitsu | m10-1_firmware | * |
| gnu | glibc | * |
| fujitsu | m10-4_firmware | * |
| fujitsu | m12-2s_firmware | * |
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| netapp | h500s_firmware | - |
| netapp | e-series_santricity_os_controller | * |
| debian | debian_linux | 10.0 |
| netapp | h700e_firmware | - |
| fedoraproject | fedora | 34 |
| gnu | glibc | 2.33 |
| netapp | h300s_firmware | - |
| netapp | h410s_firmware | - |
| netapp | cloud_backup | - |
| gnu | glibc | 2.32 |
| netapp | h700s_firmware | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| netapp | h500e_firmware | - |
| netapp | h300e_firmware | - |
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-281,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| fedoraproject | fedora | 33 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 34 |
| redhat | enterprise_linux | 6.0 |
| gnu | libmicrohttpd | 0.9.70 |
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.36 |
| netapp | ontap_select_deploy_administration_utility | - |
An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.36 |
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-704,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | hci_management_node | - |
| netapp | e-series_santricity_os_controller | * |
| netapp | ontap_select_deploy_administration_utility | - |
| debian | debian_linux | 10.0 |
| netapp | active_iq_unified_manager | - |
| gnu | glibc | * |
| netapp | solidfire | - |
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.5 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.0 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | codeready_linux_builder | - |
| redhat | openshift | 3.0 |
| redhat | enterprise_linux | 8.4 |
| redhat | openshift_container_platform | 4.10 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.2 |
| redhat | openshift_container_platform | 4.9 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux | 8.1 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.1 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.2 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.4 |
| redhat | enterprise_linux | 9.0 |
| netapp | ontap_select_deploy_administration_utility | - |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | developer_tools | 1.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.0 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.6 |
| gnu | grub2 | * |
| redhat | openshift_container_platform | 4.6 |
| redhat | enterprise_linux_eus | 9.0 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.0 |
| fedoraproject | fedora | 36 |
| redhat | enterprise_linux_for_power_little_endian | 9.0 |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.5 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.0 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | codeready_linux_builder | - |
| redhat | openshift | 3.0 |
| redhat | enterprise_linux | 8.4 |
| redhat | openshift_container_platform | 4.10 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.2 |
| redhat | openshift_container_platform | 4.9 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux | 8.1 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.1 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.2 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.4 |
| redhat | enterprise_linux | 9.0 |
| netapp | ontap_select_deploy_administration_utility | - |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | developer_tools | 1.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.0 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.6 |
| gnu | grub2 | * |
| redhat | openshift_container_platform | 4.6 |
| redhat | enterprise_linux_eus | 9.0 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.0 |
| redhat | enterprise_linux_for_power_little_endian | 9.0 |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | codeready_linux_builder | - |
| redhat | openshift | 3.0 |
| redhat | enterprise_linux | 8.4 |
| redhat | openshift_container_platform | 4.10 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.2 |
| redhat | openshift_container_platform | 4.9 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.4 |
| gnu | grub | * |
| redhat | enterprise_linux | 8.1 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.1 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.2 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.4 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | developer_tools | 1.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.0 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.6 |
| gnu | grub2 | * |
| redhat | openshift_container_platform | 4.6 |
| redhat | enterprise_linux_eus | 9.0 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.0 |
| redhat | enterprise_linux_for_power_little_endian | 9.0 |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gcc | * |
| gnu | binutils | * |
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cpio | * |
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gcc | 11.2 |
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | enterprise_operations_monitor | 4.3 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.1.0 |
| oracle | enterprise_operations_monitor | 5.0 |
| oracle | communications_cloud_native_core_network_repository_function | 22.2.0 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 22.1.1 |
| oracle | communications_cloud_native_core_network_repository_function | 22.1.2 |
| fedoraproject | fedora | 35 |
| oracle | enterprise_operations_monitor | 4.4 |
| gnu | glibc | * |
| oracle | communications_cloud_native_core_unified_data_repository | 22.2.0 |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apple | macos | 11.7 |
| apple | mac_os_x | 10.12.6 |
| gnu | ncurses | * |
| apple | macos | 13.0 |
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-276,CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 34 |
| gnu | grub2 | * |
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | h410c_firmware | - |
| gnu | glibc | * |
| netapp | h300s_firmware | - |
| netapp | h410s_firmware | - |
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | e-series_performance_analyzer | - |
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | h410c_firmware | - |
| debian | debian_linux | 11.0 |
| debian | debian_linux | 10.0 |
| gnu | glibc | * |
| netapp | h300s_firmware | - |
| netapp | nfs_plug-in | * |
| netapp | h410s_firmware | - |
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-345,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | inetutils | * |
| debian | debian_linux | 10.0 |
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_&_hci_management_node | - |
| redhat | enterprise_linux | 8.0 |
| gnu | gnutls | * |
| netapp | active_iq_unified_manager | - |
| netapp | hci_bootstrap_os | - |
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-307,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| gnu | mailman | * |
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.0 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| gnu | mailman | * |
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| gnu | mailman | * |
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| gnu | mailman | * |
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | enterprise_operations_monitor | 4.3 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.1.0 |
| oracle | enterprise_operations_monitor | 5.0 |
| oracle | communications_cloud_native_core_network_repository_function | 22.2.0 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 22.1.1 |
| oracle | communications_cloud_native_core_network_repository_function | 22.1.2 |
| gnu | glibc | 2.34 |
| oracle | enterprise_operations_monitor | 4.4 |
| oracle | communications_cloud_native_core_unified_data_repository | 22.2.0 |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | hurd | * |
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | hurd | * |
An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | hurd | * |
An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | hurd | * |
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| gnu | mailman | * |
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| netapp | ontap_select_deploy_administration_utility | - |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 35 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 34 |
| debian | debian_linux | 9.0 |
| gnu | binutils | * |
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-763,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | patch | 2.7 |
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8.90 |
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 36 |
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8.90 |
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 36 |
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.8.90 |
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 36 |
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gcc | 12.0 |
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| meissner@suse.de | 5.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 2.5 | 2.5 |
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 1.8 | 2.5 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-377,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| debian | debian_linux | 10.0 |
| gnu | libtasn1 | * |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | jboss_data_grid | 7.0.0 |
| debian | debian_linux | 10.0 |
| tukaani | xz | * |
| gnu | gzip | * |
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | enterprise_operations_monitor | 4.3 |
| oracle | enterprise_operations_monitor | 5.0 |
| debian | debian_linux | 10.0 |
| oracle | enterprise_operations_monitor | 4.4 |
| gnu | glibc | * |
| oracle | communications_cloud_native_core_unified_data_repository | 22.2.0 |
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | enterprise_operations_monitor | 4.3 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.1.0 |
| oracle | enterprise_operations_monitor | 5.0 |
| oracle | communications_cloud_native_core_network_repository_function | 22.2.0 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 22.1.1 |
| oracle | communications_cloud_native_core_network_repository_function | 22.1.2 |
| debian | debian_linux | 10.0 |
| oracle | enterprise_operations_monitor | 4.4 |
| gnu | glibc | * |
| oracle | communications_cloud_native_core_unified_data_repository | 22.2.0 |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@gitlab.com | 3.8 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L | 1.2 | 2.5 |
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 2.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 11.0 |
| gnu | gnu_sasl | * |
| debian | debian_linux | 10.0 |
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| gnu | gnutls | * |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 35 |
| debian | debian_linux | 10.0 |
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| gnu | fribidi | * |
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| gnu | fribidi | * |
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| gnu | fribidi | * |
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_for_power_little_endian_eus | 9.0 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 9.0 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.2 |
| gnu | grub2 | * |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 8.2 |
| redhat | enterprise_linux_eus | 9.0 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.0 |
| fedoraproject | fedora | 37 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.1 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 8.1 |
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gcc | 11.2 |
| fedoraproject | fedora | 36 |
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@ubuntu.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@ubuntu.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| gnu | grub2 | * |
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@ubuntu.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@ubuntu.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| apple | macos | * |
| gnu | ncurses | 6.3 |
| gnu | ncurses | * |
There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.12.4.4608 |
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | - |
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | - |
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | - |
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | - |
LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | - |
LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.12.4.4608 |
LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.12.4.4608 |
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.38.50 |
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.38.50 |
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| gnu | bash | * |
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| gnu | grub2 | * |
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | inetutils | * |
| debian | debian_linux | 10.0 |
| netkit-telnet_project | netkit-telnet | * |
| mit | kerberos_5 | * |
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | h410c_firmware | - |
| gnu | glibc | 2.36 |
| netapp | h300s_firmware | - |
| netapp | h410s_firmware | - |
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
| gnu | pspp | 1.6.2 |
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
| gnu | pspp | 1.6.2 |
GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | osip | 5.3.0 |
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| gnu | binutils | * |
| fedoraproject | fedora | 37 |
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.12.4.4643 |
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 11.0 |
| debian | debian_linux | 10.0 |
| gnu | emacs | * |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| gnu | less | * |
An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | ontap_select_deploy_administration_utility | - |
| fedoraproject | fedora | 38 |
| gnu | binutils | * |
| fedoraproject | fedora | 37 |
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 39 |
| netapp | ontap_select_deploy_administration_utility | - |
| fedoraproject | fedora | 38 |
| gnu | binutils | * |
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 38 |
| fedoraproject | fedora | 37 |
| gnu | tar | * |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 11.0 |
| gnu | emacs | * |
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | * |
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | * |
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| gnu | gnutls | 3.6.8-11.el8_2 |
| redhat | enterprise_linux | 8.0 |
| netapp | ontap_select_deploy_administration_utility | - |
| debian | debian_linux | 10.0 |
| netapp | active_iq_unified_manager | - |
| fedoraproject | fedora | 38 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
| netapp | converged_systems_advisor_agent | - |
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.38 |
| gnu | glibc | * |
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.40 |
| gnu | binutils | 2.39 |
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | screen | * |
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 8.8 |
| redhat | enterprise_linux_eus | 9.2 |
| redhat | enterprise_linux_server_aus | 9.2 |
| gnu | emacs | 26.1-9.el8 |
| redhat | enterprise_linux_server_tus | 8.8 |
| redhat | enterprise_linux_eus | 8.8 |
| gnu | emacs | 27.2-8.el9 |
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.37 |
A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.12.5 |
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
| secalert@redhat.com | 6.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.0 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.0 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.40 |
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.0 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.40 |
A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.0 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.40 |
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| report@snyk.io | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | * |
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
| cve@mitre.org | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libmicrohttpd | * |
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.0
Severity: LOW
Problem Type: CWE-404,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cflow | 1.7 |
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | * |
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | * |
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | org_mode | * |
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | ncurses | * |
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.12.5 |
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.12.5 |
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.12.5 |
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libredwg | 0.12.5 |
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gdb | 13.0.50.20220805-git |
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gdb | 13.0.50.20220805-git |
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gdb | 13.0.50.20220805-git |
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | * |
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| fedoraproject | fedora | 39 |
| fedoraproject | fedora | 38 |
| gnu | grub2 | - |
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | inetutils | * |
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | indent | 2.2.13 |
**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | 2.2 | 2.5 |
| arm-security@arm.com | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | 2.2 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gcc | * |
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
| secalert@redhat.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L | 1.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gawk | * |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| fedoraproject | fedora | 38 |
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H | 2.2 | 4.2 |
| secalert@redhat.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H | 2.2 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h410c_firmware | - |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems_s390x | 9.2 |
| redhat | codeready_linux_builder_for_arm64_eus | 9.2_aarch64 |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x |
| redhat | codeready_linux_builder_eus | 9.2 |
| gnu | glibc | * |
| netapp | h300s_firmware | - |
| fedoraproject | fedora | 39 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | 9.2 |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.2_ppc64le |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.8_ppc64le |
| redhat | enterprise_linux_eus | 9.2 |
| redhat | enterprise_linux_server_aus | 9.2 |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.2_s390x |
| netapp | h500s_firmware | - |
| redhat | enterprise_linux | 9.0 |
| redhat | codeready_linux_builder_eus_for_power_little_endian_eus | 9.2_ppc64le |
| redhat | enterprise_linux_for_power_little_endian | 9.2_ppc64le |
| fedoraproject | fedora | 38 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8_s390x |
| redhat | enterprise_linux_tus | 8.8 |
| netapp | h410s_firmware | - |
| redhat | enterprise_linux_eus | 8.8 |
| netapp | h700s_firmware | - |
| redhat | codeready_linux_builder_eus_for_power_little_endian | 9.0_ppc64le |
| redhat | codeready_linux_builder_for_arm64 | 9.0_aarch64 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x |
| redhat | enterprise_linux_for_arm_64_eus | 9.2_aarch64 |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 |
| fedoraproject | fedora | 37 |
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| secalert@redhat.com | 7.5 | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 0.8 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| gnu | grub2 | - |
| gnu | grub2 | * |
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 |
| secalert@redhat.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N | 0.8 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| gnu | grub2 | - |
| gnu | grub2 | * |
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems_s390x | 9.2 |
| redhat | codeready_linux_builder_for_arm64_eus | 9.2_aarch64 |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x |
| gnu | glibc | 2.33 |
| redhat | codeready_linux_builder_eus | 9.2 |
| fedoraproject | fedora | 39 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | 9.2 |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.2_ppc64le |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.8_ppc64le |
| redhat | enterprise_linux_eus | 9.2 |
| redhat | enterprise_linux_server_aus | 9.2 |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.2_s390x |
| redhat | enterprise_linux | 9.0 |
| redhat | codeready_linux_builder_eus_for_power_little_endian_eus | 9.2_ppc64le |
| redhat | enterprise_linux_for_power_little_endian | 9.2_ppc64le |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 38 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8_s390x |
| redhat | enterprise_linux_tus | 8.8 |
| redhat | enterprise_linux_eus | 8.8 |
| redhat | codeready_linux_builder_eus_for_power_little_endian | 9.0_ppc64le |
| redhat | codeready_linux_builder_for_arm64 | 9.0_aarch64 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x |
| redhat | enterprise_linux_for_arm_64_eus | 9.2_aarch64 |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 |
| fedoraproject | fedora | 37 |
A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h500s_firmware | - |
| redhat | enterprise_linux | 9.0 |
| netapp | h410c_firmware | - |
| redhat | enterprise_linux_for_power_little_endian | 9.2_ppc64le |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems_s390x | 9.2 |
| netapp | active_iq_unified_manager | - |
| fedoraproject | fedora | 38 |
| gnu | glibc | * |
| netapp | h300s_firmware | - |
| redhat | enterprise_linux_server_tus | 8.8 |
| netapp | h410s_firmware | - |
| redhat | enterprise_linux_eus | 8.8 |
| netapp | h700s_firmware | - |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | 9.2 |
| redhat | enterprise_linux_eus | 9.2 |
| redhat | enterprise_linux_server_aus | 9.2 |
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | bootstrap_os | - |
| redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | 8.6 |
| debian | debian_linux | 13.0 |
| redhat | enterprise_linux_eus | 9.6 |
| netapp | h410c_firmware | - |
| redhat | enterprise_linux_for_arm_64_eus | 8.6_aarch64 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2_ppc64le |
| redhat | codeready_linux_builder_for_arm64_eus | 9.2_aarch64 |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x |
| redhat | codeready_linux_builder_eus | 9.2 |
| gnu | glibc | * |
| redhat | enterprise_linux_eus | 9.4 |
| fedoraproject | fedora | 39 |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.2_ppc64le |
| redhat | enterprise_linux_server_aus | 9.4 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_server_aus | 9.2 |
| redhat | enterprise_linux_for_arm_64_eus | 9.6_aarch64 |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.2_s390x |
| redhat | virtualization_host | 4.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | codeready_linux_builder_eus | 9.6 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.4_s390x |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.6_ppc64le |
| fedoraproject | fedora | 38 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.4 |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le |
| redhat | codeready_linux_builder_eus | 8.6 |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.4_s390x |
| debian | debian_linux | 12.0 |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.6_s390x |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.6 |
| redhat | enterprise_linux_server_aus | 9.6 |
| canonical | ubuntu_linux | 23.04 |
| redhat | virtualization | 4.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 8.6_ppc64le |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 |
| redhat | codeready_linux_builder_for_arm64_eus | 9.4_aarch64 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.4_ppc64le |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.6_ppc64le |
| debian | debian_linux | 11.0 |
| redhat | enterprise_linux_for_arm_64_eus | 9.4_aarch64 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.6_s390x |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.4_ppc64le |
| redhat | codeready_linux_builder_for_arm64_eus | 8.6 |
| netapp | h300s_firmware | - |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.2_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.2_s390x |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_eus | 9.2 |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 8.6 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.6_ppc64le |
| redhat | codeready_linux_builder_eus | 9.4 |
| redhat | codeready_linux_builder_for_arm64_eus | 9.6_aarch64 |
| netapp | h500s_firmware | - |
| canonical | ubuntu_linux | 22.04 |
| netapp | ontap_select_deploy_administration_utility | - |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.4_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x |
| netapp | h410s_firmware | - |
| netapp | h700s_firmware | - |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 8.6 |
| gnu | glibc | - |
| redhat | codeready_linux_builder_for_power_little_endian | 9.0_ppc64le |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | codeready_linux_builder | 9.0 |
| redhat | codeready_linux_builder_for_arm64 | 9.0_aarch64 |
| redhat | enterprise_linux_for_arm_64_eus | 9.2_aarch64 |
| fedoraproject | fedora | 37 |
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve-coordination@google.com | 8.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H | 1.5 | 6.0 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xen | xen | - |
| gnu | grub | * |
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| gnu | glibc | * |
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
| secalert@redhat.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux | 9.0 |
| gnu | gnutls | * |
| debian | debian_linux | 10.0 |
| redhat | linux | 8.0 |
| fedoraproject | fedora | 38 |
| fedoraproject | fedora | 37 |
| gnu | gnutls | 1.5.0 |
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 39 |
| fedoraproject | fedora | 38 |
| gnu | glibc | * |
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | 3.9 | 4.2 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 39 |
| fedoraproject | fedora | 38 |
| gnu | glibc | * |
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 39 |
| fedoraproject | fedora | 38 |
| gnu | glibc | * |
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@ubuntu.com | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | cpio | 2.13 |
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| secalert@redhat.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| gnu | cpio | - |
| redhat | enterprise_linux | 7.0 |
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| secalert@redhat.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| fedoraproject | fedora | 39 |
| redhat | enterprise_linux | 8.0 |
| gnu | gnutls | * |
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 39 |
| gnu | gnutls | * |
| debian | debian_linux | 11.0 |
| netapp | active_iq_unified_manager | - |
| fedoraproject | fedora | 38 |
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| patrick@puiterwijk.org | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | coreutils | 9.3 |
| gnu | coreutils | 9.2 |
| gnu | coreutils | 9.4 |
A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| patrick@puiterwijk.org | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | indent | 2.2.13 |
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
| secalert@redhat.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| fedoraproject | fedora | 40 |
| redhat | enterprise_linux | 8.0 |
| gnu | grub2 | - |
GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@ubuntu.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | bootstrap_os | - |
| gnu | grub2 | * |
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | savane | * |
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | savane | * |
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | savane | * |
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | savane | * |
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | org_mode | * |
| gnu | emacs | * |
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | org_mode | * |
| debian | debian_linux | 10.0 |
| gnu | emacs | * |
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | org_mode | * |
| debian | debian_linux | 10.0 |
| gnu | emacs | * |
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | org_mode | * |
| debian | debian_linux | 10.0 |
| gnu | emacs | * |
nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h410c_firmware | - |
| debian | debian_linux | 10.0 |
| gnu | glibc | * |
| netapp | h300s_firmware | - |
| netapp | hci_bootstrap_os | - |
| netapp | h410s_firmware | - |
nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h500s_firmware | - |
| netapp | h610c_firmware | - |
| netapp | h410c_firmware | - |
| netapp | h615c_firmware | - |
| debian | debian_linux | 10.0 |
| netapp | active_iq_unified_manager | - |
| gnu | glibc | * |
| netapp | h300s_firmware | - |
| netapp | h410s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | hci_bootstrap_os | - |
| netapp | h610s_firmware | - |
nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h610c_firmware | - |
| netapp | h410c_firmware | - |
| netapp | h615c_firmware | - |
| debian | debian_linux | 10.0 |
| gnu | glibc | * |
| netapp | h300s_firmware | - |
| netapp | hci_bootstrap_os | - |
| netapp | h410s_firmware | - |
| netapp | h610s_firmware | - |
nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | solidfire_&_hci_management_node | - |
| netapp | h410c_firmware | - |
| debian | debian_linux | 10.0 |
| netapp | element_software | - |
| netapp | solidfire_&_hci_storage_node | - |
| gnu | glibc | * |
| netapp | h300s_firmware | - |
| netapp | hci_bootstrap_os | - |
| netapp | h410s_firmware | - |
Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libcdio | * |
| gnu | libcdio | 2.1.0 |
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | * |
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | * |
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | openshift | 4.0 |
| redhat | enterprise_linux | 7.0 |
| gnu | grub2 | * |
| redhat | enterprise_linux | 10.0 |
A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| secalert@redhat.com | 4.1 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| gnu | grub2 | * |
| redhat | openshift_container_platform | 4.0 |
An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H | 0.8 | 5.2 |
| secalert@redhat.com | 4.1 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N | 0.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| secalert@redhat.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| gnu | grub2 | * |
| redhat | openshift_container_platform | 4.0 |
GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | gnu_scientific_library | * |
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | * |
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.0 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| gnu | nano | * |
| redhat | enterprise_linux | 6.0 |
A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| secalert@redhat.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| gnu | grub2 | * |
| redhat | openshift_container_platform | 4.0 |
A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with a overflown length parameter, leading to a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, by-passing secure boot protections.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() function will write past the internal buffer length during grub_jfs_read_file(). This issue can be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_romfs_read_symlink() may cause out-of-bounds writes when the calling grub_disk_read() function. This issue may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution by-passing secure boot protections.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.6 | 3.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-121,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| cna@vuldb.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,CWE-125,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,CWE-125,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,CWE-125,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.6 | 3.6 |
| cna@vuldb.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.6 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.43 |
A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.6 | 1.4 |
| cna@vuldb.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.6 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,CWE-404,CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.43 |
A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.6 | 1.4 |
| cna@vuldb.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.6 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,CWE-404,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.43 |
A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,CWE-125,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.6 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,CWE-404,CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.43 |
A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.2 | 1.4 |
| cna@vuldb.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.6 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,CWE-404,CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.43 |
A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
| cna@vuldb.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.6 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.44 |
| gnu | binutils | 2.43 |
A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.6 | 3.4 |
| cna@vuldb.com | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.6 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.43 |
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.6 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | 2.2 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | active_iq_unified_manager | - |
| gnu | binutils | 2.43 |
A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases".
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.6 | 3.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.43 |
A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.6 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.43 |
A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.6 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | active_iq_unified_manager | - |
| gnu | binutils | 2.43 |
A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.6 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.43 |
A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-252,CWE-253,CWE-252,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,CWE-125,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libtasn1 | 4.20.0 |
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,CWE-404,CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.44 |
| gnu | binutils | 2.43 |
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H | 2.2 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| gnu | gnutls | * |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 10.0 |
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| gnu | gnutls | - |
| redhat | enterprise_linux | 6.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 10.0 |
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 3.9 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| gnu | gnutls | - |
| redhat | enterprise_linux | 6.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 10.0 |
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 5.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N | 3.9 | 1.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N | 2.2 | 2.7 |
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
| cve@mitre.org | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | mailman | * |
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 4.1 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L | 1.0 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | * |
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 2.9 | LOW | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 1.4 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | * |
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| cve@mitre.org | 4.5 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L | 1.4 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | * |
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| cve@mitre.org | 4.5 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L | 1.4 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | * |
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
| cve@mitre.org | 2.9 | LOW | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 1.4 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | * |
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 2.9 | LOW | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 1.4 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | * |
A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-189,CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | pspp | - |
A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.6 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | 2.2 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.6 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | 2.2 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libmicrohttpd | * |
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 4.9 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | 1.4 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | grub2 | * |
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libmicrohttpd | * |
A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | recutils | 1.9 |
An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.26 |
A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.26 |
An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.26 |
An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.26 |
An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.26 |
An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.26 |
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| patrick@puiterwijk.org | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget2 | * |
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| patrick@puiterwijk.org | 7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H | 2.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget2 | * |
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.44 |
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.44 |
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | * |
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-404,CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.44 |
A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,CWE-404,CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.44 |
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | libopts | * |
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | inetutils | * |
| debian | debian_linux | 11.0 |
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 7.4 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.4 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | inetutils | * |
A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L | 1.8 | 4.2 |
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| gnu | binutils | - |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 10.0 |
A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L | 1.8 | 4.2 |
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| gnu | binutils | - |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 10.0 |
Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue. However in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well. Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository. It is advised that distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library, also apply the fix to avoid the potential crash in the nscd client.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | * |
A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | 1.8 | 4.2 |
| secalert@redhat.com | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | 1.8 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| gnu | binutils | - |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 10.0 |