Filtered by vendor Gnu
Subscriptions
Total
1082 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5335 | 3 Gnu, Opensuse, Redhat | 3 Gnutls, Leap, Enterprise Linux | 2024-11-21 | N/A |
| The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | ||||
| CVE-2017-5334 | 3 Gnu, Opensuse, Redhat | 3 Gnutls, Leap, Enterprise Linux | 2024-11-21 | N/A |
| Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. | ||||
| CVE-2017-18269 | 2 Gnu, Linux | 2 Glibc, Linux Kernel | 2024-11-21 | N/A |
| An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. | ||||
| CVE-2017-18201 | 2 Gnu, Redhat | 2 Libcdio, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. | ||||
| CVE-2017-18199 | 2 Gnu, Redhat | 2 Libcdio, Enterprise Linux | 2024-11-21 | N/A |
| realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. | ||||
| CVE-2017-18198 | 2 Gnu, Redhat | 2 Libcdio, Enterprise Linux | 2024-11-21 | N/A |
| print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. | ||||
| CVE-2017-18018 | 1 Gnu | 1 Coreutils | 2024-11-21 | N/A |
| In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. | ||||
| CVE-2017-17531 | 1 Gnu | 1 Global | 2024-11-21 | N/A |
| gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | ||||
| CVE-2017-17440 | 1 Gnu | 1 Libextractor | 2024-11-21 | N/A |
| GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c. | ||||
| CVE-2017-17426 | 1 Gnu | 1 Glibc | 2024-11-21 | N/A |
| The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check. | ||||
| CVE-2017-17126 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers. | ||||
| CVE-2017-17125 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file. | ||||
| CVE-2017-17124 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary. | ||||
| CVE-2017-17123 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file. | ||||
| CVE-2017-17122 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file. | ||||
| CVE-2017-17121 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section. | ||||
| CVE-2017-17080 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status. | ||||
| CVE-2017-16997 | 2 Gnu, Redhat | 5 Glibc, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | N/A |
| elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. | ||||
| CVE-2017-16879 | 1 Gnu | 1 Ncurses | 2024-11-21 | 7.8 High |
| Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. | ||||
| CVE-2017-16832 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. | ||||