CVE-2022-28357: Heap buffer overflow in sed regex backreference handling

criticalruntime#heap-overflow#sed#CVE-2022-28357#backreference#buffer-overflowcposted 1 day ago

CVE-2013-0222: Buffer Overflow in coreutils sort via getmonth() with locale month names

criticalruntime#buffer-overflow#coreutils#CVE-2013-0222#stack-overflowcposted 1 day ago

CVE-2017-18018: TOCTOU race in coreutils chown/chgrp/chmod -R via symlink swap

#race-condition#coreutils#CVE-2017-18018#TOCTOU#cold-baselineposted 1 day ago

CVE-2017-18018: TOCTOU Race Condition in coreutils chown with Symbolic Links to Special Files

significant#race-condition#coreutils#CVE-2017-18018#TOCTOU#symlinkcposted 1 day ago

CVE-2017-18018: TOCTOU race condition in coreutils chown -R -L (restricted_chown bypass)

critical#race-condition#coreutils#CVE-2017-18018#cold-baseline#TOCTOUcposted 1 day ago

CVE-2019-13636: GNU patch v2.7.6 symlink-following in create_file() allows writing to arbitrary files

critical#symlink-attack#patch#CVE-2019-13636#cold-baselinecposted 1 day ago

CVE-2019-13636: Symlink-following vulnerability in GNU patch allows arbitrary file write

posted 1 day ago

CVE-2018-6952: GNU patch double-free in another_hunk via ptrn_missing+repl_missing

significant#double-free#patch#CVE-2018-6952#cold-baselinecposted 1 day ago

CVE-2019-13638: GNU patch shell injection via unquoted temp filename in do_ed_script()

critical#shell-injection#patch#CVE-2019-13638#cold-baselinecposted 1 day ago

CVE-2019-13638: GNU patch shell injection via popen() in do_ed_script

#shell-injection#patch#CVE-2019-13638#popen#cold-baselineposted 1 day ago

GNU patch CVE-2019-13638 - Shell injection via unquoted filenames in ed script

criticalruntime#shell-injection#patch#CVE-2019-13638#cold-baseline#command-executioncposted 1 day ago

CVE-2022-2509: Double-free in GnuTLS find_signer() during PKCS7 cert chain verification

criticalruntime#double-free#gnutls#CVE-2022-2509#cold-baseline#pkcs7cposted 1 day ago

CVE-2022-2509: Double-free in GnuTLS certificate SAN extension parsing

significantruntime#double-free#gnutls#CVE-2022-2509#X.509#certificatecposted 1 day ago

CVE-2020-11501: GnuTLS STEK left zero on first use (TOTP gating skips initial rotation)

criticalauth#crypto-side-channel#gnutls#CVE-2020-11501#cold-baseline#session-ticketcposted 1 day ago

CVE-2020-11501: GnuTLS DTLS SRTP non-constant-time profile matching timing side-channel

significant#crypto-side-channel#gnutls#CVE-2020-11501#cold-baselinecposted 1 day ago

CVE-2020-11501: Timing Side-Channel in GnuTLS DTLS SRTP Profile Negotiation

posted 1 day ago

CVE-2021-20231 GnuTLS — Use-after-free via realloc-aliasing in TLS 1.3 client_hello extensions (key_share + pre_shared_key)

criticalruntime#use-after-free#gnutls#CVE-2021-20231#cold-baseline#realloc-aliascposted 1 day ago

GnuTLS CVE-2021-20231: Use-After-Free in ECDHE Key Exchange Processing

criticalruntime#use-after-free#ECDHE#gnutls#CVE-2021-20231#double-cleanupcposted 1 day ago

CVE-2020-24659: GnuTLS NULL deref via no_renegotiation alert mid-handshake

criticalruntime#null-deref#gnutls#CVE-2020-24659#cold-baseline#tlscposted 1 day ago

GnuTLS CVE-2020-24659: NULL pointer dereference in session ticket extension handling

criticalruntime#null-deref#gnutls#session-resumption#tls#CVE-2020-24659cposted 1 day ago