Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2023-03-09 CVE-2023-27985 OS Command Injection vulnerability in GNU Emacs 28.1/28.2
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI.
local
low complexity
gnu CWE-78
7.8
7.8
2023-03-09 CVE-2023-27986 Code Injection vulnerability in GNU Emacs 28.1/28.2
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.
local
low complexity
gnu CWE-94
7.8
7.8
2023-03-01 CVE-2023-25222 Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5
A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.
network
low complexity
gnu CWE-787
8.8
8.8
2023-02-28 CVE-2023-27371 Out-of-bounds Read vulnerability in GNU Libmicrohttpd
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method.
network
high complexity
gnu CWE-125
5.9
5.9
2023-02-20 CVE-2022-48337 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program.
network
low complexity
gnu debian CWE-78
critical
 9.8
9.8
2023-02-20 CVE-2022-48338 Command Injection vulnerability in GNU Emacs
An issue was discovered in GNU Emacs through 28.2.
local
low complexity
gnu CWE-77
7.3
7.3
2023-02-20 CVE-2022-48339 Improper Encoding or Escaping of Output vulnerability in GNU Emacs
An issue was discovered in GNU Emacs through 28.2.
local
low complexity
gnu CWE-116
7.8
7.8
2023-02-15 CVE-2023-0361 Information Exposure Through Discrepancy vulnerability in multiple products
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.
network
high complexity
gnu redhat debian fedoraproject netapp CWE-203
7.4
7.4
2023-02-07 CVE-2022-46663 In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
network
low complexity
gnu fedoraproject
7.5
7.5
2023-02-06 CVE-2023-0687 Unspecified vulnerability in GNU Glibc
A vulnerability was found in GNU C Library 2.38.
network
low complexity
gnu
critical
 9.8
9.8