Vulnerabilities > GNU > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-16 | CVE-2021-46705 | Unspecified vulnerability in GNU Grub2 A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. | 4.4 |
| 2022-01-14 | CVE-2021-46019 | NULL Pointer Dereference vulnerability in multiple products An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | 5.5 |
| 2022-01-14 | CVE-2021-46021 | Use After Free vulnerability in multiple products An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | 5.5 |
| 2022-01-14 | CVE-2021-46022 | Use After Free vulnerability in multiple products An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | 5.5 |
| 2022-01-14 | CVE-2021-46195 | Uncontrolled Recursion vulnerability in GNU GCC 12.0 GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. | 5.5 |
| 2022-01-01 | CVE-2021-45950 | Out-of-bounds Write vulnerability in GNU Libredwg LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). | 6.5 |
| 2021-12-22 | CVE-2021-45261 | Release of Invalid Pointer or Reference vulnerability in GNU Patch 2.7 An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. | 5.5 |
| 2021-11-12 | CVE-2021-43331 | Cross-site Scripting vulnerability in multiple products In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. | 6.1 |
| 2021-11-12 | CVE-2021-43332 | Insufficiently Protected Credentials vulnerability in multiple products In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. | 6.5 |
| 2021-10-21 | CVE-2021-42096 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products GNU Mailman before 2.1.35 may allow remote Privilege Escalation. | 4.3 |