Vulnerabilities > GNU
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-11-17 | CVE-2015-5276 | Information Exposure vulnerability in GNU GCC: The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. | 5.0 |
2015-09-28 | CVE-2015-6806 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Screen: The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value. | 5.0 |
2015-09-02 | CVE-2015-3308 | Denial of Service vulnerability in GnuTLS 'x509_ext.c' Use After Free: Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. | 7.5 |
2015-08-24 | CVE-2015-6251 | Denial of Service vulnerability in GnuTLS 'common.c' Double Free: Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. | 5.0 |
2015-08-12 | CVE-2015-2059 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. | 7.5 |
2015-06-02 | CVE-2015-4156 | Link Following vulnerability in multiple products: GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | 3.6 |
2015-06-02 | CVE-2015-4155 | Link Following vulnerability in GNU Parallel: GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. | 3.6 |
2015-05-12 | CVE-2015-3622 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. | 4.3 |
2015-04-14 | CVE-2014-9488 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. | 10.0 |
2015-04-13 | CVE-2015-2775 | Path Traversal vulnerability in multiple products: Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. | 7.6 |