SUSE CVE-2020-25125

GnuPG 2.2.21 and 2.2.22 and Gpg4win 3.1.12 has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG...

SUSE CVE-2020-27618

The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a deni...

SUSE CVE-2020-29562

The iconv function in the GNU C Library aka glibc or libc6 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service...

SUSE CVE-2021-3326

The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service...

SUSE CVE-2021-3530

A flaw was discovered in GNU libiberty within demanglepath in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash...

SUSE CVE-2021-4209

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances...

SUSE CVE-2021-26937

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service invalid write access and application crash or possibly have unspecified other impact via a crafted UTF-8 character sequence...

SUSE CVE-2021-27645

The nameserver caching daemon nscd in the GNU C Library aka glibc or libc6 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c...

SUSE CVE-2021-30184

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN Portable Game Notation data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc...

SUSE CVE-2021-31879

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007...

SUSE CVE-2021-33574

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

SUSE CVE-2021-33644

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulongname, causing an out-of-bounds read...

SUSE CVE-2021-33643

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulonglink, causing an out-of-bounds read...

SUSE CVE-2021-35942

The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but...

SUSE CVE-2021-37322

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c...

SUSE CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

SUSE CVE-2021-40347

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

SUSE CVE-2021-42096

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, and may be useful in conducting a brute-force attack against that password...

SUSE CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

SUSE CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...