Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-09-25 CVE-2017-14729 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
local
low complexity
gnu CWE-119
7.8
2017-09-20 CVE-2015-1865 Race Condition vulnerability in GNU Coreutils 8.4
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
local
high complexity
gnu CWE-362
4.7
2017-09-18 CVE-2017-14529 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.
local
low complexity
gnu CWE-125
5.5
2017-09-14 CVE-2017-14482 GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el.
network
low complexity
gnu debian
8.8
2017-09-12 CVE-2017-14333 Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29
The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution.
local
low complexity
gnu CWE-190
7.8
2017-09-07 CVE-2017-12133 Use After Free vulnerability in GNU Glibc
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
network
high complexity
gnu CWE-416
5.9
2017-09-04 CVE-2017-14130 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
gnu CWE-125
5.5
2017-09-04 CVE-2017-14129 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
gnu CWE-125
5.5
2017-09-04 CVE-2017-14128 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
gnu CWE-125
5.5
2017-08-31 CVE-2017-14062 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
network
low complexity
gnu debian CWE-190
critical
9.8