Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-03-20 CVE-2017-5618 Incorrect Authorization vulnerability in GNU Screen
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
local
low complexity
gnu CWE-863
7.8
2017-03-20 CVE-2015-8985 Data Processing Errors vulnerability in GNU Glibc
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
network
high complexity
gnu CWE-19
5.9
2017-03-20 CVE-2015-8984 Out-of-bounds Read vulnerability in GNU Glibc
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
network
high complexity
gnu CWE-125
5.9
2017-03-20 CVE-2015-8983 Integer Overflow or Wraparound vulnerability in GNU Glibc
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
network
high complexity
gnu CWE-190
8.1
2017-03-17 CVE-2017-6969 Out-of-bounds Read vulnerability in GNU Binutils 2.28
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries.
network
low complexity
gnu CWE-125
critical
9.1
2017-03-17 CVE-2017-6966 Use After Free vulnerability in GNU Binutils 2.28
readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary.
local
low complexity
gnu CWE-416
5.5
2017-03-17 CVE-2017-6965 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.
local
low complexity
gnu CWE-119
5.5
2017-03-15 CVE-2015-8982 Integer Overflow or Wraparound vulnerability in GNU Glibc
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
network
high complexity
gnu CWE-190
8.1
2017-03-07 CVE-2017-6508 CRLF Injection vulnerability in GNU Wget
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
network
low complexity
gnu CWE-93
6.1
2017-03-02 CVE-2016-10228 Improper Input Validation vulnerability in GNU Glibc
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
network
high complexity
gnu CWE-20
5.9