Vulnerabilities > GNU > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-28 | CVE-2018-7569 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. | 5.5 |
| 2018-02-28 | CVE-2018-7568 | Integer Overflow or Wraparound vulnerability in multiple products The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. | 5.5 |
| 2018-02-24 | CVE-2017-18199 | NULL Pointer Dereference vulnerability in GNU Libcdio realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. | 6.5 |
| 2018-02-13 | CVE-2016-10713 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Patch 2.5/2.5.4/2.7.1 An issue was discovered in GNU patch before 2.7.6. | 5.5 |
| 2018-02-09 | CVE-2018-6872 | Out-of-bounds Read vulnerability in GNU Binutils 2.30 The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. | 5.5 |
| 2018-02-06 | CVE-2018-6759 | Improper Input Validation vulnerability in GNU Binutils 2.30 The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. | 5.5 |
| 2018-01-23 | CVE-2018-5950 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | 6.1 |
| 2018-01-04 | CVE-2017-18018 | Race Condition vulnerability in GNU Coreutils In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. | 4.7 |
| 2018-01-02 | CVE-2017-1000455 | Origin Validation Error vulnerability in GNU Guixsd GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix. | 5.5 |
| 2017-12-06 | CVE-2017-17440 | NULL Pointer Dereference vulnerability in GNU Libextractor 1.6 GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c. | 6.5 |