Vulnerabilities > GNU > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-20 | CVE-2022-28734 | Out-of-bounds Write vulnerability in multiple products Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. | 7.0 |
2023-07-20 | CVE-2022-28735 | Unspecified vulnerability in GNU Grub2 The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. | 7.8 |
2023-07-20 | CVE-2022-28736 | Use After Free vulnerability in GNU Grub2 There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. | 7.8 |
2023-06-23 | CVE-2023-36271 | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5 LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. | 8.8 |
2023-06-23 | CVE-2023-36272 | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5 LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. | 8.8 |
2023-06-23 | CVE-2023-36273 | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5 LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | 8.8 |
2023-06-23 | CVE-2023-36274 | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5 LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. | 8.8 |
2023-05-18 | CVE-2023-2789 | Unspecified vulnerability in GNU Cflow 1.7 A vulnerability was found in GNU cflow 1.7. | 7.5 |
2023-05-17 | CVE-2023-2491 | Command Injection vulnerability in multiple products A flaw was found in the Emacs text editor. | 7.8 |
2023-04-14 | CVE-2023-29491 | Out-of-bounds Write vulnerability in GNU Ncurses ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | 7.8 |