Vulnerabilities > GNU
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-03-24 | CVE-2015-0282 | Cryptographic Issues vulnerability in GNU Gnutls GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | 5.0 |
2015-02-24 | CVE-2013-7423 | Code vulnerability in multiple products The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. | 5.0 |
2015-02-12 | CVE-2015-1345 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. | 2.1 |
2015-01-21 | CVE-2015-1196 | Link Following vulnerability in multiple products GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | 4.3 |
2015-01-16 | CVE-2014-9471 | The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. | 7.5 |
2014-12-02 | CVE-2014-9112 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. | 5.0 |
2014-11-13 | CVE-2014-8564 | Cryptographic Issues vulnerability in multiple products The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. | 5.0 |
2014-10-29 | CVE-2014-4877 | Path Traversal vulnerability in GNU Wget Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. | 9.3 |
2014-09-30 | CVE-2014-6278 | OS Command Injection vulnerability in GNU Bash GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. | 10.0 |
2014-09-28 | CVE-2014-7187 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Bash Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue. | 10.0 |