Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2020-14372 A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled.
local
high complexity
gnu redhat fedoraproject netapp
7.5
2021-02-26 CVE-2020-27618 Infinite Loop vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
local
low complexity
gnu netapp oracle debian CWE-835
5.5
2021-02-24 CVE-2021-27645 Double Free vulnerability in multiple products
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system.
local
high complexity
gnu fedoraproject debian CWE-415
2.5
2021-02-09 CVE-2021-26937 Argument Injection or Modification vulnerability in multiple products
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
network
low complexity
gnu debian fedoraproject CWE-88
critical
9.8
2021-01-27 CVE-2021-3326 Reachable Assertion vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
network
low complexity
gnu netapp oracle fujitsu debian CWE-617
7.5
2021-01-04 CVE-2019-25013 Out-of-bounds Read vulnerability in multiple products
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
network
high complexity
gnu fedoraproject netapp broadcom debian CWE-125
5.9
2021-01-04 CVE-2020-35507 There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference.
local
low complexity
gnu redhat netapp broadcom
5.5
2021-01-04 CVE-2020-35496 There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference.
local
low complexity
gnu fedoraproject netapp broadcom
5.5
2021-01-04 CVE-2020-35495 There's a flaw in binutils /bfd/pef.c.
local
low complexity
gnu fedoraproject netapp broadcom
5.5
2021-01-04 CVE-2020-35494 There's a flaw in binutils /opcodes/tic4x-dis.c.
local
low complexity
gnu fedoraproject netapp broadcom
6.1