Vulnerabilities in GNU Project
8 resultsCVE-2017-13089HIGHGNU Wget: stack overflow in HTTP protocol handlingEPSS 79.9%CVE-2017-13090HIGHGNU Wget: heap overflow in HTTP protocol handlingEPSS 36.6%CVE-2022-28733HIGHInteger underflow in grub_net_recv_ip4_packetsEPSS 1.3%CVE-2022-28734HIGHOut-of-bounds write when handling split HTTP headersEPSS 1.1%CVE-2025-62689HIGHNULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the EPSS 0.4%CVE-2025-59777HIGHNULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the EPSS 0.4%CVE-2022-28735MEDIUMThe GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded maEPSS 0.3%CVE-2022-28736MEDIUMThere's a use-after-free vulnerability in grub_cmd_chainloader() functionEPSS 0.3%