Vulnerabilities > GNU
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-15 | CVE-2021-34337 | Unspecified vulnerability in GNU Mailman An issue was discovered in Mailman Core before 3.3.5. | 6.3 |
2023-04-14 | CVE-2023-29491 | Out-of-bounds Write vulnerability in GNU Ncurses ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | 7.8 |
2023-04-03 | CVE-2023-1579 | Out-of-bounds Write vulnerability in GNU Binutils 2.39 Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | 7.8 |
2023-03-19 | CVE-2023-28617 | OS Command Injection vulnerability in GNU ORG Mode org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | 7.8 |
2023-03-09 | CVE-2023-27985 | OS Command Injection vulnerability in GNU Emacs 28.1/28.2 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. | 7.8 |
2023-03-09 | CVE-2023-27986 | Code Injection vulnerability in GNU Emacs 28.1/28.2 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. | 7.8 |
2023-03-01 | CVE-2023-25222 | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5 A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c. | 8.8 |
2023-02-28 | CVE-2023-27371 | Out-of-bounds Read vulnerability in GNU Libmicrohttpd GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. | 5.9 |
2023-02-20 | CVE-2022-48337 | OS Command Injection vulnerability in multiple products GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. | 9.8 |
2023-02-20 | CVE-2022-48338 | Command Injection vulnerability in GNU Emacs An issue was discovered in GNU Emacs through 28.2. | 7.3 |