Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-02-24 CVE-2016-4488 Use After Free vulnerability in GNU Libiberty
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."
local
low complexity
gnu CWE-416
5.5
2017-02-24 CVE-2016-4487 Use After Free vulnerability in GNU Libiberty
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."
local
low complexity
gnu CWE-416
5.5
2017-02-24 CVE-2016-2226 Integer Overflow or Wraparound vulnerability in GNU Libiberty
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
local
low complexity
gnu CWE-190
7.8
2017-02-17 CVE-2017-5357 Use After Free vulnerability in multiple products
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
network
low complexity
fedoraproject gnu CWE-416
7.5
2017-02-17 CVE-2016-5417 Resource Management Errors vulnerability in GNU Glibc
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.
network
low complexity
gnu CWE-399
7.5
2017-02-07 CVE-2016-6131 Improper Input Validation vulnerability in GNU Libiberty
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.
network
low complexity
gnu CWE-20
7.5
2017-02-07 CVE-2016-2781 Improper Input Validation vulnerability in GNU Coreutils
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
local
low complexity
gnu CWE-20
6.5
2017-01-23 CVE-2016-9401 Use After Free vulnerability in multiple products
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
local
low complexity
gnu debian redhat CWE-416
5.5
2017-01-23 CVE-2015-8972 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Chess
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.
network
low complexity
gnu CWE-119
critical
9.8
2017-01-19 CVE-2016-7543 Improper Input Validation vulnerability in multiple products
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
local
low complexity
gnu fedoraproject CWE-20
8.4