Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-01-12 CVE-2016-8606 Improper Access Control vulnerability in multiple products
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
network
low complexity
gnu fedoraproject CWE-284
critical
9.8
2017-01-12 CVE-2016-8605 Permission Issues vulnerability in multiple products
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero.
network
low complexity
fedoraproject gnu CWE-275
5.3
2016-12-09 CVE-2016-6321 Path Traversal vulnerability in GNU TAR
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
network
low complexity
gnu CWE-22
7.5
2016-10-07 CVE-2016-6323 Improper Access Control vulnerability in multiple products
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
network
low complexity
gnu opensuse fedoraproject CWE-284
7.5
2016-09-27 CVE-2016-7444 Permissions, Privileges, and Access Controls vulnerability in GNU Gnutls
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
network
low complexity
gnu CWE-264
7.5
2016-09-26 CVE-2016-7098 Race Condition vulnerability in GNU Wget
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
network
high complexity
gnu CWE-362
8.1
2016-09-07 CVE-2016-6263 Out-of-bounds Read vulnerability in GNU Libidn
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
network
low complexity
gnu CWE-125
7.5
2016-09-07 CVE-2016-6262 Out-of-bounds Read vulnerability in multiple products
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
network
low complexity
gnu canonical opensuse CWE-125
7.5
2016-09-07 CVE-2016-6261 Out-of-bounds Read vulnerability in multiple products
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
network
low complexity
opensuse gnu canonical CWE-125
7.5
2016-09-07 CVE-2015-8948 Out-of-bounds Read vulnerability in multiple products
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
network
low complexity
opensuse canonical gnu CWE-125
7.5