Vulnerabilities > GNU > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-22 | CVE-2021-45261 | Release of Invalid Pointer or Reference vulnerability in GNU Patch 2.7 An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. | 5.5 |
| 2021-11-12 | CVE-2021-43331 | Cross-site Scripting vulnerability in multiple products In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. | 6.1 |
| 2021-11-12 | CVE-2021-43332 | Insufficiently Protected Credentials vulnerability in multiple products In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. | 6.5 |
| 2021-10-21 | CVE-2021-42096 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products GNU Mailman before 2.1.35 may allow remote Privilege Escalation. | 4.3 |
| 2021-09-20 | CVE-2021-39521 | NULL Pointer Dereference vulnerability in GNU Libredwg An issue was discovered in libredwg through v0.10.1.3751. | 6.5 |
| 2021-09-20 | CVE-2021-39523 | NULL Pointer Dereference vulnerability in GNU Libredwg An issue was discovered in libredwg through v0.10.1.3751. | 6.5 |
| 2021-09-03 | CVE-2021-40491 | Insufficient Verification of Data Authenticity vulnerability in multiple products The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. | 6.5 |
| 2021-05-18 | CVE-2020-23861 | Out-of-bounds Write vulnerability in GNU Libredwg 0.10.1 A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file. | 5.5 |
| 2021-05-18 | CVE-2020-23856 | Use After Free vulnerability in multiple products Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. | 5.5 |
| 2021-05-17 | CVE-2020-21834 | NULL Pointer Dereference vulnerability in GNU Libredwg 0.10 A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164. | 6.5 |