Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-09 | CVE-2012-4412 | Numeric Errors vulnerability in GNU Glibc Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. | 7.5 |
| 2013-10-04 | CVE-2013-4788 | Improper Input Validation vulnerability in GNU Eglibc and Glibc The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. | 5.1 |
| 2013-05-02 | CVE-2011-4609 | Resource Management Errors vulnerability in GNU Glibc The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | 5.0 |
| 2013-02-08 | CVE-2013-0242 | Buffer Errors vulnerability in GNU Glibc 2.17 Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. | 5.0 |
| 2013-02-08 | CVE-2013-1619 | Cryptographic Issues vulnerability in GNU Gnutls The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | 4.0 |
| 2012-09-25 | CVE-2012-1103 | Improper Input Validation vulnerability in Notmuchmail Notmuch emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message. | 4.3 |
| 2012-09-05 | CVE-2012-3509 | Numeric Errors vulnerability in multiple products Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow. | 5.0 |
| 2012-08-27 | CVE-2012-3410 | Buffer Errors vulnerability in GNU Bash 4.2 Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix. | 4.6 |
| 2012-08-26 | CVE-2012-1175 | Numeric Errors vulnerability in GNU Gnash 0.8.10 Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow. | 6.8 |
| 2012-08-25 | CVE-2012-3479 | Remote Code Execution vulnerability in GNU Emacs 'enable-local-variables' lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. network gnu | 6.8 |