Vulnerabilities > GNU > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-29 CVE-2020-15707 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow.
Risk: 6.4

2020-07-29 CVE-2020-15706 Use After Free vulnerability in multiple products
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass.
Risk: 6.4

2020-07-29 CVE-2020-15705 Improper Verification of Cryptographic Signature vulnerability in multiple products
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed.
Risk: 6.4

2020-07-17 CVE-2020-15807 NULL Pointer Dereference vulnerability in GNU Libredwg
GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.
network | low complexity | gnu | CWE-476
Risk: 6.5

2020-07-16 CVE-2019-20911 Infinite Loop vulnerability in GNU Libredwg
An issue was discovered in GNU LibreDWG through 0.9.3.
network | low complexity | gnu | CWE-835
Risk: 6.5

2020-06-24 CVE-2020-15011 Injection vulnerability in multiple products
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
network | low complexity | gnu canonical debian | CWE-74
Risk: 4.3

2020-06-15 CVE-2020-14150 Unspecified vulnerability in GNU Bison
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash).
local | low complexity | gnu
Risk: 5.5

2020-05-06 CVE-2020-12108 Injection vulnerability in multiple products
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
network | low complexity | gnu debian fedoraproject opensuse canonical | CWE-74
Risk: 6.5

2020-04-24 CVE-2020-12137 Cross-site Scripting vulnerability in multiple products
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts.
network | low complexity | gnu debian fedoraproject canonical opensuse | CWE-79
Risk: 6.1

2020-03-25 CVE-2019-20633 Double Free vulnerability in GNU Patch
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file.
local | low complexity | gnu | CWE-415
Risk: 5.5