Vulnerabilities > GNU > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-09 CVE-2020-16593 NULL Pointer Dereference vulnerability in multiple products
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
local
low complexity
gnu netapp CWE-476
5.5
2020-12-09 CVE-2020-16592 Use After Free vulnerability in multiple products
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
local
low complexity
gnu netapp fedoraproject CWE-416
5.5
2020-12-09 CVE-2020-16591 Out-of-bounds Read vulnerability in multiple products
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.
local
low complexity
gnu netapp CWE-125
5.5
2020-12-09 CVE-2020-16590 Double Free vulnerability in multiple products
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
local
low complexity
gnu netapp CWE-415
5.5
2020-12-04 CVE-2020-29562 Reachable Assertion vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
network
high complexity
gnu fedoraproject netapp CWE-617
4.8
2020-08-25 CVE-2020-24240 Use After Free vulnerability in GNU Bison 3.7
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered.
local
low complexity
gnu CWE-416
5.5
2020-07-31 CVE-2020-14311 There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems.
local
low complexity
gnu redhat opensuse canonical
6.0
2020-07-31 CVE-2020-14310 Integer Overflow or Wraparound vulnerability in multiple products
There is an issue on grub2 before version 2.06 at function read_section_as_string().
local
low complexity
gnu redhat opensuse canonical CWE-190
6.0
2020-07-30 CVE-2020-14309 Integer Overflow or Wraparound vulnerability in multiple products
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size.
local
low complexity
gnu opensuse CWE-190
6.7
2020-07-29 CVE-2020-14308 Integer Overflow or Wraparound vulnerability in multiple products
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size.
local
high complexity
gnu opensuse CWE-190
6.4