Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-04 | CVE-2017-12449 | Out-of-bounds Read vulnerability in GNU Binutils The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file. | 6.8 |
| 2017-08-04 | CVE-2017-12448 | Use After Free vulnerability in GNU Binutils The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. | 6.8 |
| 2017-08-01 | CVE-2017-12132 | Allocation of Resources Without Limits or Throttling vulnerability in GNU Glibc The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. | 4.3 |
| 2017-07-26 | CVE-2017-11671 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in GNU GCC Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. | 2.1 |
| 2017-07-08 | CVE-2017-11113 | NULL Pointer Dereference vulnerability in GNU Ncurses 6.0 In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. | 5.0 |
| 2017-07-08 | CVE-2017-11112 | Improper Input Validation vulnerability in GNU Ncurses 6.0 In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. | 5.0 |
| 2017-07-02 | CVE-2017-10792 | NULL Pointer Dereference vulnerability in GNU Pspp 0.10.5Pre2 There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. | 4.3 |
| 2017-07-02 | CVE-2017-10791 | Integer Overflow or Wraparound vulnerability in GNU Pspp 0.10.5Pre2 There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. | 4.3 |
| 2017-07-02 | CVE-2017-10790 | NULL Pointer Dereference vulnerability in GNU Libtasn1 The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. | 7.5 |
| 2017-06-29 | CVE-2017-10685 | Use of Externally-Controlled Format String vulnerability in GNU Ncurses 6.0 In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. | 7.5 |