RockyLinux 9 : grub2 (RLSA-2026:4760)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:4760 advisory. grub2: Missing unregister call for gettext command may lead to use-after-free CVE-2025-61662 Tenable has extracted the preceding description block directly from t...

NewStart CGSL MAIN 6.06 (SP) : gettext Vulnerability (NS-SA-2026-0015)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has gettext packages installed that are affected by a vulnerability: - An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read- catalog.c, related to an invalid free in pogramparse in...

MiracleLinux 7 : gettext-0.19.8.1-3.el7 (AXSA:2020-4542:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4542:01 advisory. gettext: double free in defaultaddmessage in read-catalog.c CVE-2018-18751 Tenable has extracted the preceding description block directly from the MiracleLin...

AZL-70565 CVE-2025-61662 affecting package grub2 for versions less than 2.06-26

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

EUVD-2018-10467

Malware in sbrugna...

NewStart CGSL MAIN 6.06 : gettext Vulnerability (NS-SA-2025-0218)

The remote NewStart CGSL host, running version MAIN 6.06, has gettext packages installed that are affected by a vulnerability: - An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read- catalog.c, related to an invalid free in pogramparse in po-gram-gen....

@bitrefill/airfill-widget (>=4.2.2 <=4.8.3), @chialab/rna-cli (>=2.2.0 <=4.0.0-beta.22) +94 more potentially affected by CVE-2024-21528 via node-gettext (>=0.1.2 <=3.0.0)

node-gettext NPM version =0.1.2, =4.2.2, =2.2.0, =2.2.0, =0.9.1, =1.1.2, =4.1.0-alpha.1, =0.0.4, =5.2.0-alpha.13, =5.2.0, =1.0.6, =1.0.17, =1.0.3, =4.1.2, =2.0.0, =2.3.1 and more Source cves: CVE-2024-21528 Source advisory: OSV:GHSA-G974-HXVM-X689...

GNU gettext cross-site scripting vulnerability

GNU gettext is an open source package for writing multilingual programs from the GNU community in the United States. A cross-site scripting vulnerability exists in GNU gettext, which stems from the application's lack of effective filtering and escaping of user-supplied data, and for which no...

GNU gettext 安全漏洞

GNU gettext is an open source package for writing multilingual programs from the GNU community in the United States. A cross-site scripting vulnerability exists in GNU gettext, which stems from the application's lack of effective filtering and escaping of user-supplied data, and for which no...

Ubuntu 16.04 ESM : Gettext vulnerability (USN-4779-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4779-1 advisory. Danilo Segan discovered that Gettext mishandled certain input. An attacker could use this vulnerability to execute arbitrary code. Tenable has extracted the...

Security Bulletin: IBM Event Streams is affected by GNU gettext vulnerability CVE-2018-18751

Summary IBM Event Streams has addressed the following vulnerability Vulnerability Details CVEID: CVE-2018-18751 DESCRIPTION: GNU gettext is vulnerable to a denial of service, caused by a double free flaw in the defaultaddmessage function in read-catalog.c. By persuading a victim to open a...

NewStart CGSL CORE 5.04 / MAIN 5.04 : gettext Vulnerability (NS-SA-2020-0070)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gettext packages installed that are affected by a vulnerability: - An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read- catalog.c, related to an invalid free in pogramparse in...

CVE-2015-8980

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code...

Security Bulletin: IBM Event Streams is affected by gettext vulnerability CVE-2018-18751

Summary IBM Event Streams has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-18751 DESCRIPTION: GNU gettext is vulnerable to a denial of service, caused by a double free flaw in the defaultaddmessage function in read-catalog.c. By persuading a victim to open a...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : gettext vulnerability (USN-3815-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3815-1 advisory. It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code...

USN-3815-2: gettext vulnerability

USN-3815-1 fixed a vulnerability in gettext. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code...

USN-3815-1 gettext vulnerability

It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code...

DEBIAN-CVE-2018-18751

An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt...

GNU gettext 'default_add_message' function double release vulnerability

GNU gettext is an open source package for writing multilingual programs developed by the GNU Project. A double release vulnerability exists in the 'defaultaddmessage' function of the read-catalog.c file in GNU gettext version 0.19.8. No details of the vulnerability are provided at this time...

DEBIAN-CVE-2004-0966

The 1 autopoint and 2 gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files...