Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-07 | CVE-2016-2781 | Improper Input Validation vulnerability in GNU Coreutils chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | 6.5 |
| 2017-01-23 | CVE-2016-9401 | Use After Free vulnerability in multiple products popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. | 2.1 |
| 2017-01-23 | CVE-2015-8972 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Chess Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode. | 7.5 |
| 2017-01-19 | CVE-2016-7543 | Improper Input Validation vulnerability in multiple products Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | 8.4 |
| 2017-01-12 | CVE-2016-8606 | Improper Access Control vulnerability in multiple products The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | 9.8 |
| 2017-01-12 | CVE-2016-8605 | Permission Issues vulnerability in multiple products The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. | 5.3 |
| 2016-12-09 | CVE-2016-6321 | Path Traversal vulnerability in GNU TAR Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. | 7.5 |
| 2016-10-07 | CVE-2016-6323 | Improper Access Control vulnerability in multiple products The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. | 7.5 |
| 2016-09-27 | CVE-2016-7444 | Permissions, Privileges, and Access Controls vulnerability in GNU Gnutls The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. | 5.0 |
| 2016-09-26 | CVE-2016-7098 | Race Condition vulnerability in GNU Wget Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. | 6.8 |