Vulnerabilities > GNU > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-20 CVE-2022-28734 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position.
network
high complexity
gnu netapp CWE-787
7.0
7.0
2023-07-20 CVE-2022-28735 Unspecified vulnerability in GNU Grub2
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems.
local
low complexity
gnu
7.8
7.8
2023-07-20 CVE-2022-28736 Use After Free vulnerability in GNU Grub2
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2.
local
low complexity
gnu CWE-416
7.8
7.8
2023-06-23 CVE-2023-36271 Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
network
low complexity
gnu CWE-787
8.8
8.8
2023-06-23 CVE-2023-36272 Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
network
low complexity
gnu CWE-787
8.8
8.8
2023-06-23 CVE-2023-36273 Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
network
low complexity
gnu CWE-787
8.8
8.8
2023-06-23 CVE-2023-36274 Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
network
low complexity
gnu CWE-787
8.8
8.8
2023-05-18 CVE-2023-2789 Improper Resource Shutdown or Release vulnerability in GNU Cflow 1.7
A vulnerability was found in GNU cflow 1.7.
network
low complexity
gnu CWE-404
7.5
7.5
2023-05-17 CVE-2023-2491 Command Injection vulnerability in multiple products
A flaw was found in the Emacs text editor.
local
low complexity
gnu redhat CWE-77
7.8
7.8
2023-04-14 CVE-2023-29491 Out-of-bounds Write vulnerability in GNU Ncurses
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
local
low complexity
gnu CWE-787
7.8
7.8