Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-02-07 CVE-2016-6131 Improper Input Validation vulnerability in GNU Libiberty
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.
network
low complexity
gnu CWE-20
7.5
2017-02-07 CVE-2016-2781 Improper Input Validation vulnerability in GNU Coreutils
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
local
low complexity
gnu CWE-20
6.5
2017-01-23 CVE-2016-9401 Use After Free vulnerability in multiple products
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
local
low complexity
gnu debian redhat CWE-416
5.5
2017-01-23 CVE-2015-8972 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Chess
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.
network
low complexity
gnu CWE-119
critical
9.8
2017-01-19 CVE-2016-7543 Improper Input Validation vulnerability in multiple products
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
local
low complexity
gnu fedoraproject CWE-20
8.4
2017-01-12 CVE-2016-8606 Improper Access Control vulnerability in multiple products
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
network
low complexity
gnu fedoraproject CWE-284
critical
9.8
2017-01-12 CVE-2016-8605 Permission Issues vulnerability in multiple products
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero.
network
low complexity
fedoraproject gnu CWE-275
5.3
2016-12-09 CVE-2016-6321 Path Traversal vulnerability in GNU TAR
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
network
low complexity
gnu CWE-22
7.5
2016-10-07 CVE-2016-6323 Improper Access Control vulnerability in multiple products
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
network
low complexity
gnu opensuse fedoraproject CWE-284
7.5
2016-09-27 CVE-2016-7444 Permissions, Privileges, and Access Controls vulnerability in GNU Gnutls
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
network
low complexity
gnu CWE-264
7.5