Export limit exceeded: 366804 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1261 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14333 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution. | ||||
| CVE-2017-15671 | 1 Gnu | 1 Glibc | 2025-04-20 | N/A |
| The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). | ||||
| CVE-2017-5618 | 1 Gnu | 1 Screen | 2025-04-20 | N/A |
| GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. | ||||
| CVE-2017-9748 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug. | ||||
| CVE-2017-17531 | 1 Gnu | 1 Global | 2025-04-20 | N/A |
| gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | ||||
| CVE-2017-10685 | 1 Gnu | 1 Ncurses | 2025-04-20 | 0.0 Low |
| In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | ||||
| CVE-2017-13729 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | ||||
| CVE-2017-13730 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. | ||||
| CVE-2017-13731 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13732 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | ||||
| CVE-2017-6891 | 3 Apache, Debian, Gnu | 3 Bookkeeper, Debian Linux, Libtasn1 | 2025-04-20 | 8.8 High |
| Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. | ||||
| CVE-2016-10228 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2025-04-20 | N/A |
| The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. | ||||
| CVE-2017-14482 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Emacs, Enterprise Linux | 2025-04-20 | N/A |
| GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). | ||||
| CVE-2017-12459 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file. | ||||
| CVE-2017-15670 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2025-04-20 | N/A |
| The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. | ||||
| CVE-2017-15804 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2025-04-20 | N/A |
| The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. | ||||
| CVE-2017-12959 | 1 Gnu | 1 Pspp | 2025-04-20 | N/A |
| There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13733 | 1 Gnu | 1 Ncurses | 2025-04-20 | N/A |
| There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | ||||
| CVE-2016-0634 | 2 Gnu, Redhat | 2 Bash, Enterprise Linux | 2025-04-20 | N/A |
| The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. | ||||
| CVE-2017-7614 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. | ||||