Vulnerabilities > GNU > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-29 | CVE-2017-7301 | Improper Input Validation vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. | 7.5 |
2017-03-29 | CVE-2017-7300 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. | 7.5 |
2017-03-27 | CVE-2017-5932 | Improper Input Validation vulnerability in GNU Bash 4.4 The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. | 7.8 |
2017-03-24 | CVE-2017-5335 | Out-of-bounds Read vulnerability in multiple products The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | 7.5 |
2017-03-22 | CVE-2017-7227 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. | 7.5 |
2017-03-22 | CVE-2017-7225 | NULL Pointer Dereference vulnerability in GNU Binutils 2.28 The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. | 7.5 |
2017-03-22 | CVE-2017-7223 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. | 7.5 |
2017-03-20 | CVE-2017-5618 | Incorrect Authorization vulnerability in GNU Screen GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. | 7.8 |
2017-03-20 | CVE-2015-8983 | Integer Overflow or Wraparound vulnerability in GNU Glibc Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. | 8.1 |
2017-03-15 | CVE-2015-8982 | Integer Overflow or Wraparound vulnerability in GNU Glibc Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | 8.1 |