Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2023-07-20 CVE-2022-28734 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position.
network
high complexity
gnu netapp CWE-787
7.0
7.0
2023-07-20 CVE-2022-28735 Unspecified vulnerability in GNU Grub2
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems.
local
low complexity
gnu
7.8
7.8
2023-07-20 CVE-2022-28736 Use After Free vulnerability in GNU Grub2
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2.
local
low complexity
gnu CWE-416
7.8
7.8
2023-07-18 CVE-2021-32256 Out-of-bounds Write vulnerability in GNU Binutils 2.36
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36.
network
low complexity
gnu CWE-787
6.5
6.5
2023-06-25 CVE-2015-20109 Classic Buffer Overflow vulnerability in GNU Glibc
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern.
local
low complexity
gnu CWE-120
5.5
5.5
2023-06-23 CVE-2023-36271 Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
network
low complexity
gnu CWE-787
8.8
8.8
2023-06-23 CVE-2023-36272 Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
network
low complexity
gnu CWE-787
8.8
8.8
2023-06-23 CVE-2023-36273 Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
network
low complexity
gnu CWE-787
8.8
8.8
2023-06-23 CVE-2023-36274 Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
network
low complexity
gnu CWE-787
8.8
8.8
2023-05-18 CVE-2023-2789 Improper Resource Shutdown or Release vulnerability in GNU Cflow 1.7
A vulnerability was found in GNU cflow 1.7.
network
low complexity
gnu CWE-404
7.5
7.5