Vulnerabilities > GNU > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-25 | CVE-2014-9637 | Resource Management Errors vulnerability in multiple products GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | 5.5 |
| 2017-08-19 | CVE-2017-12967 | Out-of-bounds Read vulnerability in GNU Binutils 2.29 The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. | 6.5 |
| 2017-08-01 | CVE-2017-12132 | Allocation of Resources Without Limits or Throttling vulnerability in GNU Glibc The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. | 5.9 |
| 2017-07-26 | CVE-2017-11671 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in GNU GCC Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. | 4.0 |
| 2017-07-02 | CVE-2017-10792 | NULL Pointer Dereference vulnerability in GNU Pspp 0.10.5Pre2 There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. | 6.5 |
| 2017-07-02 | CVE-2017-10791 | Integer Overflow or Wraparound vulnerability in GNU Pspp 0.10.5Pre2 There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. | 6.5 |
| 2017-06-26 | CVE-2017-9955 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. | 5.5 |
| 2017-06-26 | CVE-2017-9954 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program. | 5.5 |
| 2017-06-21 | CVE-2017-9778 | Allocation of Resources Without Limits or Throttling vulnerability in GNU GDB GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. | 5.5 |
| 2017-05-18 | CVE-2017-9044 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. | 5.5 |