GNU CVE Vulnerabilities & CVE List (1,202)

Products (CPE): — CVEs: 1,202

GNU vulnerability overview

Aggregates CVE and security vulnerability intelligence across all GNU-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk memory corruption, vendor risk path handling, vendor risk input validation, and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact file overwrite.

Vulnerability distribution trend (last 24 months)

Showing 81100 of 1202 CVEs
«« First « Prev Page 5 / 61 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-32990 A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. [email protected] 6.5 0.72% 2025-07-10 2026-06-29
CVE-2025-32989 A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checke [email protected] 5.3 1.18% 2025-07-10 2026-06-29
CVE-2025-32988 A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and m [email protected] 6.5 1.19% 2025-07-10 2026-06-29
CVE-2025-5745 The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. 3ff69d7a-14f2-4f67-a097-88dee7810d18 5.6 0.21% 2025-06-05 2026-06-17
CVE-2025-5702 The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. 3ff69d7a-14f2-4f67-a097-88dee7810d18 5.6 0.25% 2025-06-05 2026-06-17
CVE-2025-5245 A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. [email protected] 4.8 0.23% 2025-05-27 2026-06-17
CVE-2025-5244 A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component. [email protected] 4.8 0.23% 2025-05-27 2026-06-17
CVE-2025-5001 A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. [email protected] 4.8 0.24% 2025-05-20 2026-06-17
CVE-2025-48188 libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read. [email protected] 2.9 0.07% 2025-05-16 2026-06-17
CVE-2025-4802 Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). 3ff69d7a-14f2-4f67-a097-88dee7810d18 7.8 0.39% 2025-05-16 2026-06-17
CVE-2025-47816 libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document. [email protected] 2.9 0.30% 2025-05-10 2026-06-17
CVE-2025-47815 libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c. [email protected] 4.5 0.26% 2025-05-10 2026-06-17
CVE-2025-47814 libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c. [email protected] 4.5 0.26% 2025-05-10 2026-06-17
CVE-2025-47229 libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code. [email protected] 2.9 0.15% 2025-05-02 2026-06-17
CVE-2025-43921 GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. [email protected] 5.3 0.36% 2025-04-19 2026-06-17
CVE-2025-43920 GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. [email protected] 5.4 0.47% 2025-04-19 2026-06-17
CVE-2025-43919 GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. [email protected] 5.8 1.40% 2025-04-19 2026-06-17
CVE-2025-3198 A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue. [email protected] 4.8 0.26% 2025-04-03 2026-06-17
CVE-2025-0686 A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_romfs_read_symlink() may cause o [email protected] 6.4 0.26% 2025-03-03 2026-06-29
CVE-2025-0685 A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() function will write past the in [email protected] 6.4 0.26% 2025-03-03 2026-06-29
«« First « Prev Page 5 / 61 Next »
cvelogic Threat Intelligence