Vulnerabilities > GNU > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-05-05 CVE-2016-4008 Resource Management Errors vulnerability in multiple products
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
network
high complexity
canonical opensuse gnu fedoraproject CWE-399
5.9
2016-02-22 CVE-2016-2037 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
network
low complexity
gnu debian CWE-119
6.5
2016-01-20 CVE-2015-8777 7PK - Security Features vulnerability in GNU Glibc
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
local
low complexity
gnu CWE-254
5.5
2011-06-30 CVE-2009-5078 7PK - Security Features vulnerability in multiple products
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
network
low complexity
gnu apple CWE-254
6.5
2008-11-13 CVE-2008-4989 Improper Certificate Validation vulnerability in multiple products
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
5.9
2005-05-02 CVE-2005-1111 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
local
high complexity
gnu debian canonical CWE-367
4.7