Vulnerabilities > GNU > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-22 | CVE-2017-15804 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. | 9.8 |
| 2017-10-20 | CVE-2017-15670 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. | 9.8 |
| 2017-08-31 | CVE-2017-14062 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | 9.8 |
| 2017-08-31 | CVE-2017-14061 | Integer Overflow or Wraparound vulnerability in GNU Libidn2 Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | 9.8 |
| 2017-06-29 | CVE-2017-10685 | Use of Externally-Controlled Format String vulnerability in GNU Ncurses 6.0 In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. | 9.8 |
| 2017-06-29 | CVE-2017-10684 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Ncurses 6.0 In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. | 9.8 |
| 2017-06-12 | CVE-2014-9984 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. | 9.8 |
| 2017-04-13 | CVE-2016-10324 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Osip 4.1.0 In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. | 9.8 |
| 2017-04-09 | CVE-2017-7614 | NULL Pointer Dereference vulnerability in GNU Binutils 2.28 elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. | 9.8 |
| 2017-03-24 | CVE-2017-5337 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | 9.8 |