Vulnerabilities > GNU > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-29 CVE-2017-13731 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Ncurses 6.0
There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.
network
low complexity
gnu CWE-119
6.5
2017-08-29 CVE-2017-13730 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Ncurses 6.0
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
network
low complexity
gnu CWE-119
6.5
2017-08-29 CVE-2017-13729 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Ncurses 6.0
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0.
network
low complexity
gnu CWE-119
6.5
2017-08-28 CVE-2017-13716 Allocation of Resources Without Limits or Throttling vulnerability in GNU Binutils 2.29
The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
local
low complexity
gnu CWE-770
5.5
2017-08-25 CVE-2014-9637 Resource Management Errors vulnerability in multiple products
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
local
low complexity
fedoraproject mageia canonical gnu CWE-399
5.5
2017-08-19 CVE-2017-12967 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.
network
low complexity
gnu CWE-125
6.5
2017-08-01 CVE-2017-12132 Allocation of Resources Without Limits or Throttling vulnerability in GNU Glibc
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
network
high complexity
gnu CWE-770
5.9
2017-07-26 CVE-2017-11671 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in GNU GCC
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported.
local
low complexity
gnu CWE-338
4.0
2017-07-02 CVE-2017-10792 NULL Pointer Dereference vulnerability in GNU Pspp 0.10.5Pre2
There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0.
network
low complexity
gnu CWE-476
6.5
2017-07-02 CVE-2017-10791 Integer Overflow or Wraparound vulnerability in GNU Pspp 0.10.5Pre2
There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0.
network
low complexity
gnu CWE-190
6.5