Vulnerabilities > GNU > High

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Score |
|---|---|---|---|---|---|---|---|---|
| 2023-06-23 | CVE-2023-36272 | Out-of-bounds Write vulnerability in GNU Libredwg | LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. | network | low complexity | gnu | CWE-787 | 8.8 |
| 2023-06-23 | CVE-2023-36273 | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5 | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | network | low complexity | gnu | CWE-787 | 8.8 |
| 2023-06-23 | CVE-2023-36274 | Out-of-bounds Write vulnerability in GNU Libredwg | LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. | network | low complexity | gnu | CWE-787 | 8.8 |
| 2023-05-18 | CVE-2023-2789 | Unspecified vulnerability in GNU Cflow 1.7 | A vulnerability was found in GNU cflow 1.7. | network | low complexity | gnu | | 7.5 |
| 2023-05-17 | CVE-2023-2491 | Command Injection vulnerability in multiple products | A flaw was found in the Emacs text editor. | local | low complexity | gnu, redhat | CWE-77 | 7.8 |
| 2023-04-14 | CVE-2023-29491 | Out-of-bounds Write vulnerability in GNU Ncurses | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | local | low complexity | gnu | CWE-787 | 7.8 |
| 2023-04-03 | CVE-2023-1579 | Out-of-bounds Write vulnerability in GNU Binutils 2.39 | Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | local | low complexity | gnu | CWE-787 | 7.8 |
| 2023-03-19 | CVE-2023-28617 | OS Command Injection vulnerability in GNU ORG Mode | org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | local | low complexity | gnu | CWE-78 | 7.8 |
| 2023-03-09 | CVE-2023-27985 | OS Command Injection vulnerability in GNU Emacs 28.1/28.2 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. | local | low complexity | gnu | CWE-78 | 7.8 |
| 2023-03-09 | CVE-2023-27986 | Code Injection vulnerability in GNU Emacs 28.1/28.2 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. | local | low complexity | gnu | CWE-94 | 7.8 |