Vulnerabilities > GNU > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-26 CVE-2018-0618 Cross-site Scripting vulnerability in multiple products
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
gnu debian CWE-79
5.4
2018-07-23 CVE-2018-14524 Double Free vulnerability in GNU Libredwg
dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.
network
low complexity
gnu CWE-415
6.5
2018-07-20 CVE-2018-14471 NULL Pointer Dereference vulnerability in GNU Libredwg
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.
network
low complexity
gnu CWE-476
6.5
2018-07-20 CVE-2018-14443 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libredwg
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).
network
low complexity
gnu CWE-119
6.5
2018-07-17 CVE-2018-14347 Infinite Loop vulnerability in multiple products
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
network
low complexity
debian gnu CWE-835
6.5
2018-07-12 CVE-2018-13796 Improper Input Validation vulnerability in GNU Mailman
An issue was discovered in GNU Mailman before 2.1.28.
network
low complexity
gnu CWE-20
6.5
2018-07-01 CVE-2018-13033 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c.
local
low complexity
gnu redhat CWE-770
5.5
2018-06-22 CVE-2018-12641 Resource Exhaustion vulnerability in GNU Binutils 2.30
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30.
local
low complexity
gnu CWE-400
5.5
2018-05-06 CVE-2018-0494 Improper Input Validation vulnerability in multiple products
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
network
low complexity
gnu canonical debian redhat CWE-20
6.5
2018-04-29 CVE-2018-10535 NULL Pointer Dereference vulnerability in multiple products
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.
local
low complexity
gnu redhat CWE-476
5.5