Vulnerabilities > GNU > Low

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-1048 Incomplete Cleanup vulnerability in multiple products
A flaw was found in the grub2-set-bootflag utility of grub2.
local
low complexity
gnu redhat fedoraproject CWE-459
3.3
3.3
2022-03-10 CVE-2021-3981 Incorrect Default Permissions vulnerability in multiple products
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content.
local
low complexity
gnu fedoraproject CWE-276
3.3
3.3
2021-04-26 CVE-2021-27851 Link Following vulnerability in GNU Guix
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’.
local
low complexity
gnu CWE-59
2.1
2.1
2021-03-22 CVE-2021-28968 Cross-site Scripting vulnerability in GNU Punbb
An issue was discovered in PunBB before 1.4.6.
network
gnu CWE-79
3.5
3.5
2021-02-24 CVE-2021-27645 Double Free vulnerability in multiple products
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system.
local
high complexity
gnu fedoraproject debian CWE-415
2.5
2.5
2020-12-27 CVE-2020-35448 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1.
local
low complexity
gnu netapp CWE-125
3.3
3.3
2020-06-24 CVE-2020-15011 Injection vulnerability in multiple products
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
network
high complexity
gnu canonical debian CWE-74
2.6
2.6
2019-11-19 CVE-2019-19126 Improper Initialization vulnerability in multiple products
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
local
low complexity
gnu canonical fedoraproject debian CWE-665
3.3
3.3
2019-04-10 CVE-2006-7254 Data Processing Errors vulnerability in GNU Glibc
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.
local
low complexity
gnu CWE-19
2.1
2.1
2019-02-03 CVE-2019-7309 Unspecified vulnerability in GNU Glibc
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
local
low complexity
gnu
2.1
2.1