Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-08 | CVE-2021-38185 | Integer Overflow or Wraparound vulnerability in GNU Cpio GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. | 7.8 |
| 2021-07-22 | CVE-2021-35942 | Integer Overflow or Wraparound vulnerability in multiple products The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. | 9.1 |
| 2021-07-20 | CVE-2019-25051 | Out-of-bounds Write vulnerability in multiple products objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). | 7.8 |
| 2021-07-01 | CVE-2021-36080 | Double Free vulnerability in GNU Libredwg GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). | 8.8 |
| 2021-06-02 | CVE-2021-3530 | Uncontrolled Recursion vulnerability in multiple products A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. | 7.5 |
| 2021-05-28 | CVE-2020-18395 | NULL Pointer Dereference vulnerability in GNU Gama 2.04 A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs. | 7.5 |
| 2021-05-26 | CVE-2021-3549 | Out-of-bounds Write vulnerability in GNU Binutils 2.36 An out of bounds flaw was found in GNU binutils objdump utility version 2.36. | 7.1 |
| 2021-05-25 | CVE-2021-33574 | Use After Free vulnerability in multiple products The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. | 9.8 |
| 2021-05-18 | CVE-2020-23861 | Out-of-bounds Write vulnerability in GNU Libredwg 0.10.1 A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file. | 5.5 |
| 2021-05-18 | CVE-2020-23856 | Use After Free vulnerability in multiple products Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. | 5.5 |