Vulnerabilities > GNU > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-16 | CVE-2024-38428 | Interpretation Conflict vulnerability in GNU Wget url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. | 9.1 |
| 2023-02-20 | CVE-2022-48337 | OS Command Injection vulnerability in multiple products GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. | 9.8 |
| 2023-02-06 | CVE-2023-0687 | Classic Buffer Overflow vulnerability in GNU Glibc A vulnerability was found in GNU C Library 2.38. | 9.8 |
| 2023-02-03 | CVE-2023-25139 | Out-of-bounds Write vulnerability in GNU Glibc 2.37 sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. | 9.8 |
| 2022-10-24 | CVE-2021-46848 | Off-by-one Error vulnerability in multiple products GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | 9.1 |
| 2022-08-18 | CVE-2022-35164 | Use After Free vulnerability in GNU Libredwg LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. | 9.8 |
| 2022-01-14 | CVE-2022-23218 | Classic Buffer Overflow vulnerability in multiple products The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | 9.8 |
| 2022-01-14 | CVE-2022-23219 | Classic Buffer Overflow vulnerability in multiple products The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | 9.8 |
| 2021-12-02 | CVE-2021-28237 | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.3 LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | 9.8 |
| 2021-07-22 | CVE-2021-35942 | Integer Overflow or Wraparound vulnerability in multiple products The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. | 9.1 |