Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2021-46022 Use After Free vulnerability in multiple products
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
local
low complexity
gnu fedoraproject CWE-416
5.5
2022-01-14 CVE-2021-46195 Uncontrolled Recursion vulnerability in GNU GCC 12.0
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c.
local
low complexity
gnu CWE-674
5.5
2022-01-14 CVE-2022-23218 Classic Buffer Overflow vulnerability in multiple products
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
network
low complexity
gnu oracle debian CWE-120
critical
9.8
2022-01-14 CVE-2022-23219 Classic Buffer Overflow vulnerability in multiple products
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
network
low complexity
gnu oracle debian CWE-120
critical
9.8
2022-01-01 CVE-2021-45950 Out-of-bounds Write vulnerability in GNU Libredwg
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).
network
low complexity
gnu CWE-787
6.5
2021-12-22 CVE-2021-45261 Release of Invalid Pointer or Reference vulnerability in GNU Patch 2.7
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
local
low complexity
gnu CWE-763
5.5
2021-12-15 CVE-2021-45078 Out-of-bounds Write vulnerability in multiple products
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write.
local
low complexity
gnu fedoraproject redhat debian netapp CWE-787
7.8
2021-12-02 CVE-2021-28236 NULL Pointer Dereference vulnerability in GNU Libredwg 0.12.3
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
network
low complexity
gnu CWE-476
7.5
2021-12-02 CVE-2021-28237 Out-of-bounds Write vulnerability in GNU Libredwg 0.12.3
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
network
low complexity
gnu CWE-787
critical
9.8
2021-12-02 CVE-2021-44227 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
network
low complexity
gnu debian CWE-352
8.8