Vulnerabilities > GNU > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-14 | CVE-2021-46195 | Uncontrolled Recursion vulnerability in GNU GCC 12.0 GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. | 5.5 |
| 2022-01-01 | CVE-2021-45950 | Out-of-bounds Write vulnerability in GNU Libredwg LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). | 6.5 |
| 2021-12-22 | CVE-2021-45261 | Release of Invalid Pointer or Reference vulnerability in GNU Patch 2.7 An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. | 5.5 |
| 2021-11-12 | CVE-2021-43331 | Cross-site Scripting vulnerability in multiple products In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. | 6.1 |
| 2021-11-12 | CVE-2021-43332 | Insufficiently Protected Credentials vulnerability in multiple products In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. | 6.5 |
| 2021-10-21 | CVE-2021-42096 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products GNU Mailman before 2.1.35 may allow remote Privilege Escalation. | 4.3 |
| 2021-09-20 | CVE-2021-39521 | NULL Pointer Dereference vulnerability in GNU Libredwg An issue was discovered in libredwg through v0.10.1.3751. | 6.5 |
| 2021-09-20 | CVE-2021-39523 | NULL Pointer Dereference vulnerability in GNU Libredwg An issue was discovered in libredwg through v0.10.1.3751. | 6.5 |
| 2021-09-03 | CVE-2021-40491 | Insufficient Verification of Data Authenticity vulnerability in multiple products The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. | 6.5 |
| 2021-05-18 | CVE-2020-23861 | Out-of-bounds Write vulnerability in GNU Libredwg 0.10.1 A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file. | 5.5 |