Vulnerabilities > GNU > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-24 | CVE-2016-4488 | Use After Free vulnerability in GNU Libiberty Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec." | 5.5 |
| 2017-02-24 | CVE-2016-4487 | Use After Free vulnerability in GNU Libiberty Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." | 5.5 |
| 2017-02-07 | CVE-2016-2781 | Improper Input Validation vulnerability in GNU Coreutils chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | 6.5 |
| 2017-01-23 | CVE-2016-9401 | Use After Free vulnerability in multiple products popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. | 5.5 |
| 2017-01-12 | CVE-2016-8605 | Permission Issues vulnerability in multiple products The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. | 5.3 |
| 2016-06-10 | CVE-2016-4429 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. | 5.9 |
| 2016-05-05 | CVE-2016-4008 | Resource Management Errors vulnerability in multiple products The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. | 5.9 |
| 2016-02-22 | CVE-2016-2037 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. | 6.5 |
| 2016-01-20 | CVE-2015-8777 | 7PK - Security Features vulnerability in GNU Glibc The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. | 5.5 |
| 2011-06-30 | CVE-2009-5078 | 7PK - Security Features vulnerability in multiple products contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. | 6.5 |