Vulnerabilities > GNU > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-22 | CVE-2018-10844 | Covert Timing Channel vulnerability in multiple products It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. | 5.9 |
| 2018-08-20 | CVE-2018-1000654 | Unspecified vulnerability in GNU Libtasn1 4.12/4.13 GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. | 5.5 |
| 2018-07-26 | CVE-2018-0618 | Cross-site Scripting vulnerability in multiple products Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-07-23 | CVE-2018-14524 | Double Free vulnerability in GNU Libredwg dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs. | 6.5 |
| 2018-07-20 | CVE-2018-14471 | NULL Pointer Dereference vulnerability in GNU Libredwg dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file. | 6.5 |
| 2018-07-20 | CVE-2018-14443 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libredwg get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV). | 6.5 |
| 2018-07-17 | CVE-2018-14347 | Infinite Loop vulnerability in multiple products GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). | 6.5 |
| 2018-07-12 | CVE-2018-13796 | Improper Input Validation vulnerability in GNU Mailman An issue was discovered in GNU Mailman before 2.1.28. | 6.5 |
| 2018-07-01 | CVE-2018-13033 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. | 5.5 |
| 2018-06-22 | CVE-2018-12641 | Resource Exhaustion vulnerability in GNU Binutils 2.30 An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. | 5.5 |