Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-03 | CVE-2021-40491 | Insufficient Verification of Data Authenticity vulnerability in multiple products The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. | 6.5 |
| 2021-08-12 | CVE-2021-38604 | NULL Pointer Dereference vulnerability in multiple products In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. | 7.5 |
| 2021-08-08 | CVE-2021-38185 | Integer Overflow or Wraparound vulnerability in GNU Cpio GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. | 7.8 |
| 2021-07-22 | CVE-2021-35942 | Integer Overflow or Wraparound vulnerability in multiple products The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. | 9.1 |
| 2021-07-20 | CVE-2019-25051 | Out-of-bounds Write vulnerability in multiple products objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). | 7.8 |
| 2021-07-01 | CVE-2021-36080 | Double Free vulnerability in GNU Libredwg GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). | 8.8 |
| 2021-06-02 | CVE-2021-3530 | Uncontrolled Recursion vulnerability in multiple products A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. | 7.5 |
| 2021-05-28 | CVE-2020-18395 | NULL Pointer Dereference vulnerability in GNU Gama 2.04 A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs. | 7.5 |
| 2021-05-26 | CVE-2021-3549 | Out-of-bounds Write vulnerability in GNU Binutils 2.36 An out of bounds flaw was found in GNU binutils objdump utility version 2.36. | 7.1 |
| 2021-05-25 | CVE-2021-33574 | Use After Free vulnerability in multiple products The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. | 9.8 |