Vulnerabilities > GNU > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-02-20 CVE-2022-48337 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program.
network
low complexity
gnu debian CWE-78
critical
9.8
2023-02-06 CVE-2023-0687 Classic Buffer Overflow vulnerability in GNU Glibc
A vulnerability was found in GNU C Library 2.38.
network
low complexity
gnu CWE-120
critical
9.8
2023-02-03 CVE-2023-25139 Out-of-bounds Write vulnerability in GNU Glibc 2.37
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size.
network
low complexity
gnu CWE-787
critical
9.8
2022-10-24 CVE-2021-46848 Off-by-one Error vulnerability in multiple products
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
network
low complexity
gnu fedoraproject debian CWE-193
critical
9.1
2022-01-14 CVE-2022-23219 Classic Buffer Overflow vulnerability in multiple products
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
network
low complexity
gnu oracle debian CWE-120
critical
9.8
2022-01-14 CVE-2022-23218 Classic Buffer Overflow vulnerability in multiple products
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
network
low complexity
gnu oracle debian CWE-120
critical
9.8
2021-07-22 CVE-2021-35942 Integer Overflow or Wraparound vulnerability in multiple products
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information.
network
low complexity
gnu netapp debian CWE-190
critical
9.1
2021-05-25 CVE-2021-33574 Use After Free vulnerability in multiple products
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free.
network
low complexity
gnu fedoraproject netapp debian CWE-416
critical
9.8
2021-03-25 CVE-2021-3466 Classic Buffer Overflow vulnerability in multiple products
A flaw was found in libmicrohttpd.
network
low complexity
gnu redhat fedoraproject CWE-120
critical
9.8
2021-03-12 CVE-2021-20231 Use After Free vulnerability in multiple products
A flaw was found in gnutls.
network
low complexity
gnu redhat fedoraproject netapp CWE-416
critical
9.8