Vulnerabilities > GNU > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-29 | CVE-2020-15707 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. | 6.4 |
2020-07-29 | CVE-2020-15706 | Use After Free vulnerability in multiple products GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. | 6.4 |
2020-07-29 | CVE-2020-15705 | Improper Verification of Cryptographic Signature vulnerability in multiple products GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. | 6.4 |
2020-07-17 | CVE-2020-15807 | NULL Pointer Dereference vulnerability in GNU Libredwg GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files. | 6.5 |
2020-07-16 | CVE-2019-20911 | Infinite Loop vulnerability in GNU Libredwg An issue was discovered in GNU LibreDWG through 0.9.3. | 6.5 |
2020-06-24 | CVE-2020-15011 | Injection vulnerability in multiple products GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. | 4.3 |
2020-06-15 | CVE-2020-14150 | Unspecified vulnerability in GNU Bison GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). | 5.5 |
2020-05-06 | CVE-2020-12108 | Injection vulnerability in multiple products /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. | 6.5 |
2020-04-24 | CVE-2020-12137 | Cross-site Scripting vulnerability in multiple products GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. | 6.1 |
2020-03-25 | CVE-2019-20633 | Double Free vulnerability in GNU Patch GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. | 5.5 |