Vulnerabilities > GNU > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-09 | CVE-2020-16593 | NULL Pointer Dereference vulnerability in multiple products A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. | 5.5 |
2020-12-09 | CVE-2020-16592 | Use After Free vulnerability in multiple products A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | 5.5 |
2020-12-09 | CVE-2020-16591 | Out-of-bounds Read vulnerability in multiple products A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. | 5.5 |
2020-12-09 | CVE-2020-16590 | Double Free vulnerability in multiple products A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. | 5.5 |
2020-12-04 | CVE-2020-29562 | Reachable Assertion vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | 4.8 |
2020-08-25 | CVE-2020-24240 | Use After Free vulnerability in GNU Bison 3.7 GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. | 5.5 |
2020-07-31 | CVE-2020-14311 | There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. | 6.0 |
2020-07-31 | CVE-2020-14310 | Integer Overflow or Wraparound vulnerability in multiple products There is an issue on grub2 before version 2.06 at function read_section_as_string(). | 6.0 |
2020-07-30 | CVE-2020-14309 | Integer Overflow or Wraparound vulnerability in multiple products There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. | 6.7 |
2020-07-29 | CVE-2020-14308 | Integer Overflow or Wraparound vulnerability in multiple products In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. | 6.4 |