Vulnerabilities > GNU > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-02-24 CVE-2017-18199 NULL Pointer Dereference vulnerability in GNU Libcdio
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
network
low complexity
gnu CWE-476
6.5
2018-02-13 CVE-2016-10713 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Patch
An issue was discovered in GNU patch before 2.7.6.
local
low complexity
gnu CWE-119
5.5
2018-02-09 CVE-2018-6872 Out-of-bounds Read vulnerability in GNU Binutils 2.30
The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.
local
low complexity
gnu CWE-125
5.5
2018-02-06 CVE-2018-6759 Improper Input Validation vulnerability in GNU Binutils 2.30
The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation.
local
low complexity
gnu CWE-20
5.5
2018-01-23 CVE-2018-5950 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
network
low complexity
gnu debian canonical redhat CWE-79
6.1
2018-01-04 CVE-2017-18018 Race Condition vulnerability in GNU Coreutils
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
local
high complexity
gnu CWE-362
4.7
2018-01-02 CVE-2017-1000455 Origin Validation Error vulnerability in GNU Guixsd
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix.
local
low complexity
gnu CWE-346
5.5
2017-12-06 CVE-2017-17440 NULL Pointer Dereference vulnerability in GNU Libextractor 1.6
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
network
low complexity
gnu CWE-476
6.5
2017-12-04 CVE-2017-17123 NULL Pointer Dereference vulnerability in GNU Binutils 2.29.1
The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.
local
low complexity
gnu CWE-476
5.5
2017-11-30 CVE-2017-17080 Out-of-bounds Read vulnerability in GNU Binutils 2.29.1
elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.
local
low complexity
gnu CWE-125
5.5