Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2023-04-15 CVE-2021-34337 Unspecified vulnerability in GNU Mailman
An issue was discovered in Mailman Core before 3.3.5.
local
high complexity
gnu
6.3
2023-04-14 CVE-2023-29491 Out-of-bounds Write vulnerability in GNU Ncurses
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
local
low complexity
gnu CWE-787
7.8
2023-04-08 CVE-2023-24626 Unspecified vulnerability in GNU Screen
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
local
low complexity
gnu
6.5
2023-04-03 CVE-2023-1579 Out-of-bounds Write vulnerability in GNU Binutils 2.39
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
local
low complexity
gnu CWE-787
7.8
2023-03-19 CVE-2023-28617 OS Command Injection vulnerability in GNU ORG Mode
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
local
low complexity
gnu CWE-78
7.8
2023-03-09 CVE-2023-27985 OS Command Injection vulnerability in GNU Emacs 28.1/28.2
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI.
local
low complexity
gnu CWE-78
7.8
2023-03-09 CVE-2023-27986 Code Injection vulnerability in GNU Emacs 28.1/28.2
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.
local
low complexity
gnu CWE-94
7.8
2023-03-01 CVE-2023-25222 Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5
A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.
network
low complexity
gnu CWE-787
8.8
2023-02-28 CVE-2023-27371 Out-of-bounds Read vulnerability in GNU Libmicrohttpd
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method.
network
high complexity
gnu CWE-125
5.9
2023-02-20 CVE-2022-48337 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program.
network
low complexity
gnu debian CWE-78
critical
9.8