MidnightBSD

Advisories for gnu

CVE-1999-0016 MEDIUM

Land IP denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9.05
hp hp-ux 9.04
hp hp-ux 10.00
hp hp-ux 10.16
hp hp-ux 10.24
hp hp-ux 9.03
hp hp-ux 10.30
microsoft windows_nt 4.0
cisco ios 7000
gnu inet 5.01
sun sunos 4.1.3u1
hp hp-ux 10.10
hp hp-ux 10.20
microsoft winsock 2.0
hp hp-ux 9.07
hp hp-ux 9.00
microsoft windows_95 *
hp hp-ux 9.01
sun sunos 4.1.4
netbsd netbsd 1.0
hp hp-ux 10.01
hp hp-ux 11.00
netbsd netbsd 1.1
CVE-1999-0017 HIGH

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun sunos 5.5
washington_university wu-ftpd 2.4
sco openserver 5.0.4
ibm aix 4.2
ibm aix 4.3
gnu inet 5.01
sun sunos 4.1.3u1
gnu inet 6.01
ibm aix 4.1
sun sunos 5.5.1
caldera openlinux 1.2
sun sunos 4.1.4
netbsd netbsd 1.0
freebsd freebsd 2.1.0
netbsd netbsd 1.2.1
sco open_desktop 3.0
freebsd freebsd 2.0
ibm aix 3.2
freebsd freebsd 1.1
gnu inet 6.02
sun sunos 5.3
sco unixware 2.1
freebsd freebsd 1.0
freebsd freebsd 2.1.7
netbsd netbsd 1.2
freebsd freebsd 1.2
siemens reliant_unix *
netbsd netbsd 1.1
CVE-1999-0035 MEDIUM

Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,CWE-364,

Products Affected

Vendor Product Version
sgi irix *
gnu inet 5.01
CVE-1999-0041 HIGH

Buffer overflow in NLS (Natural Language Service).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
slackware slackware_linux 3.1
gnu libc 5.2.18
ibm aix 4.2
gnu libc 5.0.9
ibm aix 3.2.5
cray unicos 1.5
cray unicos 9.2
redhat linux 4.0
gnu libc 5.3.12
cray unicos 9.0
ibm aix 4.1
cray unicos_max 1.3
CVE-1999-0150 HIGH

The Perl fingerd program allows arbitrary command execution from remote users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu fingerd *
CVE-1999-0216 MEDIUM

Denial of service of inetd on Linux through SYN and RST packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10
linux linux_kernel 2.6.20.1
gnu inet 5.01
CVE-1999-0402 MEDIUM

wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu wget 1.5.3
CVE-1999-0491 MEDIUM

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
gnu bash 1.14.2
gnu bash 2.02.1
gnu bash 2.03
gnu bash 2.05
gnu bash *
gnu bash 1.14.7
gnu bash 2.01
gnu bash 1.14.0
gnu bash 1.14.1
gnu bash 1.14.4
gnu bash 2.01.1
gnu bash 1.14.6
gnu bash 1.14.5
gnu bash 2.0
gnu bash 2.02
gnu bash 1.14.3
CVE-1999-0612 LOW

A version of finger is running that exposes valid user information to any entity on the network.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu fingerd *
microsoft windows_2000 *
microsoft windows_nt *
gnu finger_service *
CVE-1999-0719 MEDIUM

The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnumeric 0.27
CVE-1999-1165 HIGH

GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu fingerd 1.37
CVE-1999-1383 MEDIUM

(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu bash 1.14.2
gnu bash *
gnu bash 1.14.5
gnu bash 1.14.0
tcsh tcsh 6.05
gnu bash 1.14.1
gnu bash 1.14.4
gnu bash 1.14.3
CVE-2000-0151 MEDIUM

GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu make 3.77.44
CVE-2000-0269 LOW

Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu emacs 20.3
gnu emacs 20.5
gnu emacs 20.1
gnu emacs 20.0
gnu emacs 20.2
gnu emacs 20.6
gnu emacs 20.4
CVE-2000-0270 LOW

The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu emacs 20.3
gnu emacs 20.5
gnu emacs 20.1
gnu emacs 20.0
gnu emacs 20.2
gnu emacs 20.6
gnu emacs 20.4
CVE-2000-0271 MEDIUM

read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu emacs 20.3
gnu emacs 20.5
gnu emacs 20.1
gnu emacs 20.0
gnu emacs 20.2
gnu emacs 20.6
gnu emacs 20.4
CVE-2000-0335 HIGH

The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu glibc 2.1.3
isc bind 8.2.2
isc bind 8.2.1
isc bind 8.2
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.1.1
gnu glibc 2.0
CVE-2000-0701 MEDIUM

The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 4.2
conectiva linux 4.1
gnu mailman 2.0
conectiva linux 5.1
conectiva linux 5.0
redhat linux *
CVE-2000-0786 MEDIUM

GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu userv 1.0.0
CVE-2000-0803 HIGH

GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu groff *
CVE-2000-0824 HIGH

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu glibc 2.1.1
CVE-2000-0861 HIGH

Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 1.1
CVE-2000-0947 HIGH

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu cfengine 1.5.3-4
gnu cfengine 1.5
gnu cfengine 1.6
CVE-2000-0959 LOW

glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu glibc 2.1.3.10
CVE-2000-0963 HIGH

Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.2
freebsd freebsd 3.5.1
freebsd freebsd 4.1
redhat linux 7.0
freebsd freebsd 4.1.1
gnu ncurses *
immunix immunix 7.0_beta
immunix immunix 6.2
freebsd freebsd 3.4
freebsd freebsd 4.0
CVE-2000-0974 HIGH

GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu privacy_guard 1.0
gnu privacy_guard 1.0.2
gnu privacy_guard 1.0.3
gnu privacy_guard 1.0.1
CVE-2000-1137 MEDIUM

GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu ed 2.15
gnu ed 2.16tr
gnu ed 2.18.0
gnu ed 2.18
CVE-2000-1219 HIGH

The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu g++ *
gnu gcc *
CVE-2001-0071 LOW

gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu privacy_guard 1.0.3b
gnu privacy_guard 1.0
gnu privacy_guard 1.0.2
gnu privacy_guard 1.0.3
gnu privacy_guard 1.0.1
CVE-2001-0072 MEDIUM

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu privacy_guard 1.0.3b
gnu privacy_guard 1.0
gnu privacy_guard 1.0.2
gnu privacy_guard 1.0.3
gnu privacy_guard 1.0.1
CVE-2001-0290 MEDIUM

Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman *
CVE-2001-0522 HIGH

Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu privacy_guard 7.1
gnu privacy_guard 7.2
gnu privacy_guard 8.0
CVE-2001-0884 MEDIUM

Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 5.0
gnu mailman 6.0
gnu mailman *
gnu mailman 5.1
gnu mailman 7.0
CVE-2001-1022 HIGH

Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu groff 1.11
gnu groff 1.10
gnu groff 1.15
gnu groff 1.11a
gnu groff 1.16.1
jgroff jgroff *
gnu groff 1.14
CVE-2001-1036 HIGH

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
slackware slackware_linux 8.0
gnu findutils 4.0
gnu findutils 4.1
slackware slackware_linux 7.1
CVE-2001-1132 HIGH

Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman *
CVE-2001-1228 HIGH

Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gzip 1.2.4
gnu gzip 1.2.4a
gnu gzip 1.3
CVE-2001-1267 LOW

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu tar *
CVE-2001-1301 LOW

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu emacs 20.4
xemacs xemacs 21.1.10
CVE-2001-1376 HIGH

Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
yard_radius yard_radius 1.0.19
yard_radius yard_radius 1.0_pre14
miquel_van_smoorenburg_cistron radius 1.6.4
gnu radius 0.93
openradius openradius 0.9.2
icradius icradius 0.18
lucent radius 2.0.1
lucent radius 2.1
gnu radius 0.94
miquel_van_smoorenburg_cistron radius 1.6_.0
openradius openradius 0.9.3
gnu radius 0.95
yard_radius yard_radius 1.0.18
lucent radius 2.0
miquel_van_smoorenburg_cistron radius 1.6.2
openradius openradius 0.8
yard_radius_project yard_radius 1.0.16
freeradius freeradius 0.2
livingston radius 2.0
openradius openradius 0.9
icradius icradius 0.18.1
ascend radius 1.16
xtradius xtradius 1.1_pre1
yard_radius yard_radius 1.0_pre13
icradius icradius 0.17
icradius icradius 0.17b
livingston radius 2.0.1
radiusclient radiusclient 0.3.1
icradius icradius 0.14
icradius icradius 0.16
yard_radius yard_radius 1.0_pre15
freeradius freeradius 0.3
yard_radius yard_radius 1.0.17
gnu radius 0.92.1
miquel_van_smoorenburg_cistron radius 1.6.5
openradius openradius 0.9.1
miquel_van_smoorenburg_cistron radius 1.6.1
miquel_van_smoorenburg_cistron radius 1.6.3
icradius icradius 0.15
livingston radius 2.1
CVE-2001-1377 MEDIUM

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
yard_radius yard_radius 1.0.19
yard_radius yard_radius 1.0_pre14
miquel_van_smoorenburg_cistron radius 1.6.4
gnu radius 0.93
openradius openradius 0.9.2
icradius icradius 0.18
lucent radius 2.0.1
lucent radius 2.1
gnu radius 0.94
miquel_van_smoorenburg_cistron radius 1.6_.0
openradius openradius 0.9.3
gnu radius 0.95
yard_radius yard_radius 1.0.18
lucent radius 2.0
miquel_van_smoorenburg_cistron radius 1.6.2
openradius openradius 0.8
yard_radius_project yard_radius 1.0.16
freeradius freeradius 0.2
livingston radius 2.0
openradius openradius 0.9
xtradius xtradius 1.1_pre2
icradius icradius 0.18.1
xtradius xtradius 1.1_pre1
yard_radius yard_radius 1.0_pre13
icradius icradius 0.17
icradius icradius 0.17b
livingston radius 2.0.1
radiusclient radiusclient 0.3.1
icradius icradius 0.14
icradius icradius 0.16
yard_radius yard_radius 1.0_pre15
freeradius freeradius 0.3
yard_radius yard_radius 1.0.17
gnu radius 0.92.1
miquel_van_smoorenburg_cistron radius 1.6.5
openradius openradius 0.9.1
miquel_van_smoorenburg_cistron radius 1.6.1
miquel_van_smoorenburg_cistron radius 1.6.3
icradius icradius 0.15
livingston radius 2.1
CVE-2002-0003 HIGH

Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu groff *
CVE-2002-0044 LOW

GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.2
redhat linux 7.1
gnu enscript *
debian debian_linux 2.2
redhat linux 6.1
redhat linux 6.0
redhat linux 7.0
redhat linux 7.2
CVE-2002-0062 HIGH

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
suse suse_linux 6.3
freebsd freebsd 3.5.1
freebsd freebsd 3.3
freebsd freebsd 3.2
suse suse_linux 7.0
redhat linux 6.1
freebsd freebsd 3.5
freebsd freebsd 3.1
gnu ncurses *
freebsd freebsd 3.4
freebsd freebsd 4.0
redhat linux 7.1
freebsd freebsd 4.1
debian debian_linux 2.2
redhat linux 7.0
redhat linux 7.2
freebsd freebsd 4.1.1
suse suse_linux 6.2
freebsd freebsd 5.0
CVE-2002-0178 HIGH

uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu sharutils 4.2
CVE-2002-0204 HIGH

Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu chess *
CVE-2002-0388 HIGH

Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman *
CVE-2002-0389 LOW

Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman *
CVE-2002-0399 MEDIUM

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu tar 1.13.25
CVE-2002-0435 LOW

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu fileutils 4.1.6
gnu fileutils 4.0
gnu fileutils 4.1
CVE-2002-0684 HIGH

Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 4.9.8
gnu glibc *
CVE-2002-0855 HIGH

Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.0.12
CVE-2002-1146 MEDIUM

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2002-1216 MEDIUM

GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu tar 1.13.19
gnu tar *
CVE-2002-1265 MEDIUM

The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.16f
apple mac_os_x 10.1
sgi irix 6.5.6
gnu glibc 2.2.1
apple mac_os_x 10.2
sgi irix 6.5.9
gnu glibc 2.1.1.6
gnu glibc 2.2
apple mac_os_x 10.1.4
gnu glibc 2.3
gnu glibc 2.1.1
sgi irix 6.5.5
sgi irix 6.5.17f
sgi irix 6.5.8
sgi irix 6.5.13
gnu glibc 2.0.6
sgi irix 6.5.3
gnu glibc 2.1.3
gnu glibc 2.2.5
sgi irix 6.5.14m
apple mac_os_x_server 10.0
apple mac_os_x 10.0.3
apple mac_os_x 10.2.1
apple mac_os_x 10.1.1
apple mac_os_x 10.1.3
sgi irix 6.5.15f
sgi irix 6.5.14f
sgi irix 6.5.7
gnu glibc 2.0.2
apple mac_os_x 10.0.2
gnu glibc 2.0
gnu glibc 2.0.4
apple mac_os_x 10.1.5
sgi irix 6.5.11
gnu glibc 2.2.3
sgi irix 6.5.15m
sgi irix 6.5.16m
gnu glibc 2.2.4
gnu glibc 2.0.3
sgi irix 6.5.17m
apple mac_os_x_server 10.2
apple mac_os_x 10.0
apple mac_os_x 10.1.2
sgi irix 6.5
sgi irix 6.5.12
apple mac_os_x 10.0.4
gnu glibc 2.0.1
sgi irix 6.5.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.2.2
sgi irix 6.5.4
gnu glibc 2.1.3.10
apple mac_os_x 10.0.1
apple mac_os_x_server 10.2.1
sgi irix 2.3.1
sgi irix 6.5.2
gnu glibc 2.0.5
sgi irix 6.5.10
CVE-2002-1344 MEDIUM

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu wget 1.8.2
gnu wget 1.8
gnu wget 1.7
gnu wget 1.7.1
sun cobalt_raq_xtr *
gnu wget 1.6
gnu wget 1.8.1
gnu wget 1.5.3
CVE-2002-1602 MEDIUM

Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu screen 3.9.10
gnu screen 3.9.4
gnu screen 3.9.8
gnu screen 3.9.9
gnu screen 3.9.11
CVE-2002-2099 HIGH

Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu data_display_debugger 3.3.1
CVE-2003-0028 HIGH

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mit kerberos_5 1.2.5
sun solaris 2.5.1
sgi irix 6.5.6
sun sunos 5.7
cray unicos 6.0e
sgi irix 6.5.3f
cray unicos 9.2.4
sgi irix 6.5.13m
openafs openafs 1.0.4a
sgi irix 6.5.9
hp hp-ux 11.20
gnu glibc 2.2
gnu glibc 2.3
hp hp-ux 11.00
freebsd freebsd 5.0
gnu glibc 2.3.2
sgi irix 6.5.5
openafs openafs 1.1
sgi irix 6.5.13
openafs openafs 1.0.1
sgi irix 6.5.16
openafs openafs 1.3
freebsd freebsd 4.0
sgi irix 6.5.18f
openbsd openbsd 3.1
sgi irix 6.5.5m
sgi irix 6.5.14m
cray unicos 8.0
openbsd openbsd 2.7
sgi irix 6.5.18m
openbsd openbsd 2.8
openafs openafs 1.0.3
freebsd freebsd 4.2
openafs openafs 1.2.1
sgi irix 6.5.15f
sgi irix 6.5.14f
openafs openafs 1.3.2
sgi irix 6.5.15
sgi irix 6.5.4m
hp hp-ux 10.20
sgi irix 6.5.15m
sgi irix 6.5.17
openafs openafs 1.2.2
mit kerberos_5 1.2.4
sun sunos 5.8
sgi irix 6.5.17m
cray unicos 6.0
sgi irix 6.5.12m
sgi irix 6.5.12f
sgi irix 6.5.10m
hp hp-ux 11.22
sgi irix 6.5.18
sgi irix 6.5.2f
sun solaris 7.0
sgi irix 6.5.1
gnu glibc 2.2.2
sgi irix 6.5.4
freebsd freebsd 4.7
freebsd freebsd 4.5
openbsd openbsd 2.4
sgi irix 6.5.10
gnu glibc 2.3.1
sgi irix 6.5.16f
sgi irix 6.5.8f
mit kerberos_5 1.2.2
ibm aix 5.2
gnu glibc 2.2.1
mit kerberos_5 1.2.1
openafs openafs 1.0
ibm aix 4.3.3
openafs openafs 1.2.4
sgi irix 6.5.2m
cray unicos 8.3
sun sunos 5.5.1
sgi irix 6.5.4f
sgi irix 6.5.8m
sun sunos -
gnu glibc 2.1.1
freebsd freebsd 4.6.2
sgi irix 6.5.6m
sun solaris 2.6
openafs openafs 1.2.6
hp hp-ux 11.04
sgi irix 6.5.17f
openafs openafs 1.2.5
sgi irix 6.5.8
openbsd openbsd 2.9
sgi irix 6.5.13f
sgi irix 6.5.7f
freebsd freebsd 4.4
hp hp-ux_series_700 10.20
openafs openafs 1.1.1
sgi irix 6.5.3
cray unicos 7.0
gnu glibc 2.1.3
openbsd openbsd 2.5
gnu glibc 2.2.5
openafs openafs 1.0.2
cray unicos 9.0
openafs openafs 1.2.2a
openbsd openbsd 2.0
freebsd freebsd 4.1.1
sgi irix 6.5.11f
sgi irix 6.5.6f
cray unicos 6.1
openafs openafs 1.0.4
openafs openafs 1.2.2b
openbsd openbsd 2.6
sgi irix 6.5.10f
sgi irix 6.5.3m
openbsd openbsd 2.1
sgi irix 6.5.20
openbsd openbsd 3.0
openbsd openbsd 2.2
cray unicos 9.2
sgi irix 6.5.7
freebsd freebsd 4.6
sgi irix 6.5.5f
hp hp-ux_series_800 10.20
sgi irix 6.5.11
freebsd freebsd 4.1
gnu glibc 2.2.3
sgi irix 6.5.16m
gnu glibc 2.2.4
sun solaris 8.0
sgi irix 6.5.7m
openafs openafs 1.2
sgi irix 6.5.19
cray unicos 9.0.2.5
sgi irix 6.5
openbsd openbsd 3.2
sgi irix 6.5.12
hp hp-ux 10.24
sun solaris 9.0
sgi irix 6.5.9m
gnu glibc 2.1
gnu glibc 2.1.2
openafs openafs 1.3.1
sgi irix 6.5.9f
mit kerberos_5 1.2.3
freebsd freebsd 4.3
hp hp-ux 11.11
mit kerberos_5 1.2
sgi irix 6.5.14
mit kerberos_5 1.2.6
sgi irix 6.5.11m
ibm aix 5.1
openbsd openbsd 2.3
sgi irix 6.5.2
openafs openafs 1.1.1a
openafs openafs 1.2.3
mit kerberos_5 1.2.7
CVE-2003-0038 MEDIUM

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.1
CVE-2003-0255 HIGH

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu privacy_guard *
CVE-2003-0367 LOW

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 3.0
debian debian_linux 2.2
gnu gzip *
CVE-2003-0795 MEDIUM

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
quagga quagga 0.95
gnu zebra 0.92a
gnu zebra 0.93b
quagga quagga 0.96
gnu zebra 0.91a
sgi propack 2.3
quagga quagga 0.96.1
sgi propack 2.2.1
quagga quagga 0.96.2
quagga quagga *
gnu zebra 0.93a
CVE-2003-0826 HIGH

lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu lsh 1.4.1
gnu lsh 1.4.2
gnu lsh 1.4
CVE-2003-0849 HIGH

Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu cfengine 2.0.3
gnu cfengine 2.0.4
gnu cfengine 2.0.2
gnu cfengine 2.1.0
gnu cfengine 2.0.0
gnu cfengine 2.0.6
gnu cfengine 2.0.7
gnu cfengine 2.0.1
gnu cfengine 2.0.5
CVE-2003-0853 MEDIUM

An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu fileutils 4.0.36
washington_university wu-ftpd 2.4.2_beta18_vr15
washington_university wu-ftpd 2.4.2_beta2
washington_university wu-ftpd 2.4.2_beta18_vr7
washington_university wu-ftpd 2.4.2_beta18_vr9
washington_university wu-ftpd 2.4.1
washington_university wu-ftpd 2.4.2_beta18_vr6
washington_university wu-ftpd 2.4.2_beta18_vr4
washington_university wu-ftpd 2.4.2_vr17
washington_university wu-ftpd 2.4.2_beta18_vr5
gnu fileutils 4.0
gnu fileutils 4.1
washington_university wu-ftpd 2.4.2_beta18_vr13
washington_university wu-ftpd 2.4.2_beta18_vr8
washington_university wu-ftpd 2.4.2_beta18_vr11
washington_university wu-ftpd 2.4.2_beta18
washington_university wu-ftpd 2.5.0
washington_university wu-ftpd 2.6.0
gnu fileutils 4.1.6
washington_university wu-ftpd 2.4.2_beta18_vr10
washington_university wu-ftpd 2.6.1
washington_university wu-ftpd 2.4.2_beta18_vr14
washington_university wu-ftpd 2.4.2_beta18_vr12
washington_university wu-ftpd 2.6.2
washington_university wu-ftpd 2.4.2_vr16
gnu fileutils 4.1.7
CVE-2003-0854 LOW

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu fileutils 4.0.36
washington_university wu-ftpd 2.4.2_beta18_vr15
washington_university wu-ftpd 2.4.2_beta2
washington_university wu-ftpd 2.4.2_beta18_vr7
washington_university wu-ftpd 2.4.2_beta18_vr9
washington_university wu-ftpd 2.4.1
washington_university wu-ftpd 2.4.2_beta18_vr6
washington_university wu-ftpd 2.4.2_beta18_vr4
washington_university wu-ftpd 2.4.2_vr17
washington_university wu-ftpd 2.4.2_beta18_vr5
gnu fileutils 4.0
gnu fileutils 4.1
washington_university wu-ftpd 2.4.2_beta18_vr13
washington_university wu-ftpd 2.4.2_beta18_vr8
washington_university wu-ftpd 2.4.2_beta18_vr11
washington_university wu-ftpd 2.4.2_beta18
washington_university wu-ftpd 2.5.0
washington_university wu-ftpd 2.6.0
gnu fileutils 4.1.6
washington_university wu-ftpd 2.4.2_beta18_vr10
washington_university wu-ftpd 2.6.1
washington_university wu-ftpd 2.4.2_beta18_vr14
washington_university wu-ftpd 2.4.2_beta18_vr12
washington_university wu-ftpd 2.6.2
washington_university wu-ftpd 2.4.2_vr16
gnu fileutils 4.1.7
CVE-2003-0858 LOW

Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
quagga quagga_routing_software_suite *
gnu zebra *
CVE-2003-0859 MEDIUM

The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu glibc 2.3.2
gnu zebra 0.92a
redhat enterprise_linux 2.1
gnu zebra 0.91a
intel ia64 *
gnu zebra 0.93a
gnu zebra 0.93b
quagga quagga_routing_software_suite 0.96.2
redhat linux_advanced_workstation 2.1
redhat enterprise_linux 3.0
sgi propack 2.3
sgi propack 2.2.1
CVE-2003-0965 MEDIUM

Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman *
CVE-2003-0971 MEDIUM

GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu privacy_guard 1.2.3
gnu privacy_guard 1.0.4
gnu privacy_guard 1.0.7
gnu privacy_guard 1.2.2
gnu privacy_guard 1.0.3b
gnu privacy_guard 1.0.5
gnu privacy_guard 1.2
gnu privacy_guard 1.0.2
gnu privacy_guard 1.0.3
gnu privacy_guard 1.2.1
gnu privacy_guard 1.0.6
CVE-2003-0972 HIGH

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu screen 3.9.10
gnu screen 3.9.15
gnu screen 4.0.1
gnu screen 3.9.13
gnu screen 3.9.4
gnu screen 3.9.8
gnu screen 3.9.9
gnu screen 3.9.11
CVE-2003-0978 HIGH

Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu privacy_guard 1.2.3
gnu privacy_guard 1.2.2
gnu privacy_guard 1.2
gnu privacy_guard 1.2.1
gnu privacy_guard 1.3.3
CVE-2003-0991 MEDIUM

Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.0.5
gnu mailman 2.0.12
gnu mailman 2.0.7
gnu mailman 2.1
gnu mailman 1.1
gnu mailman 2.0.9
gnu mailman 2.0.13
gnu mailman 2.0.2
gnu mailman 2.0.10
gnu mailman 2.0.3
gnu mailman 2.0.4
gnu mailman 2.0
gnu mailman 2.0.11
gnu mailman 2.0.1
gnu mailman 2.0.6
sgi propack 2.3
gnu mailman 2.0.8
gnu mailman 1.0
CVE-2003-0992 MEDIUM

Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman *
CVE-2003-1232 MEDIUM

Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu emacs 21.2.1
CVE-2004-0131 MEDIUM

The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu radius 1.1
CVE-2004-0182 MEDIUM

Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman *
CVE-2004-0256 LOW

GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu libtool 1.1
gnu libtool 1.3.3
gnu libtool 1.3
gnu libtool 1.4
gnu libtool 1.0
gnu libtool 1.5
gnu libtool 1.3.5
gnu libtool 1.3.2
gnu libtool 1.4.2
gnu libtool 1.4.1
gnu libtool 1.4.3
gnu libtool 1.2
gnu libtool 1.3.4
CVE-2004-0353 HIGH

Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu anubis 3.6.0
gnu anubis 3.9.92
gnu anubis 3.6.1
gnu anubis 3.9.93
gnu anubis 3.6.2
CVE-2004-0354 HIGH

Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu anubis 3.6.0
gnu anubis 3.9.92
gnu anubis 3.6.1
gnu anubis 3.9.93
gnu anubis 3.6.2
CVE-2004-0412 MEDIUM

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.1.4
gnu mailman 2.1
gnu mailman 2.1.3
gnu mailman 2.1.1
gnu mailman 2.1.2
gnu mailman 2.1b1
CVE-2004-0422 LOW

flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu flim *
CVE-2004-0548 HIGH

Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu aspell 0.50.5
gentoo linux 1.4
CVE-2004-0555 HIGH

Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu queue 1.12.7
gnu queue 1.12.9
gnu queue 1.12.8
gnu queue 1.20.2
gnu queue 1.20.1
gnu queue 1.20.0
CVE-2004-0576 MEDIUM

The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu radius 1.1
CVE-2004-0581 MEDIUM

ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu ksymoops 2.4.5
mandrakesoft mandrake_linux 9.1
gnu ksymoops 2.4.9
gnu ksymoops 2.4.8
mandrakesoft mandrake_linux 9.2
mandrakesoft mandrake_linux 10.0
mandrakesoft mandrake_linux_corporate_server 2.1
CVE-2004-0603 HIGH

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gzip *
CVE-2004-0623 HIGH

Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnats 3.14b
gnu gnats 3.113.1
gnu gnats 3.2
gnu gnats 3.0_02
gnu gnats 3.113.1.6
gnu gnats 3.113
gnu gnats 4.0
CVE-2004-0778 MEDIUM

CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
gnu cvs *
CVE-2004-0849 MEDIUM

Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu radius 0.96
gnu radius 1.2
gnu radius 0.94
gnu radius 0.93
gnu radius 0.95
gnu radius 0.92.1
gnu radius 1.1
CVE-2004-0966 LOW

The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gettext 0.14.1
ubuntu ubuntu_linux 4.1
CVE-2004-0968 LOW

The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu glibc 2.2.1
gnu glibc 2.3.10
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.3
redhat enterprise_linux 3.0
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.2
gnu glibc 2.3.4
gnu glibc 2.0.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.2.2
gnu glibc 2.0.6
gnu glibc 2.1.3.10
redhat enterprise_linux_desktop 3.0
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2004-0969 LOW

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu groff 1.19
gentoo linux *
ubuntu ubuntu_linux 4.1
CVE-2004-0970 LOW

The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gzip 1.2.4a
CVE-2004-0984 HIGH

Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailutils *
CVE-2004-1143 HIGH

The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.0.5
gnu mailman 2.0.12
gnu mailman 2.0.7
gnu mailman 2.1
gnu mailman 1.1
gnu mailman 2.0.9
gnu mailman 2.0.13
gnu mailman 2.0.2
gnu mailman 2.0.10
gnu mailman 2.0.3
gnu mailman 2.1.2
gnu mailman 2.1b1
gnu mailman 2.0.4
gnu mailman 2.1.4
gnu mailman 2.0
gnu mailman 2.0.11
gnu mailman 2.1.3
gnu mailman 2.1.1
gnu mailman 2.0.1
gnu mailman 2.0.6
gnu mailman 2.0.8
gnu mailman 1.0
CVE-2004-1170 HIGH

a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 9.1
sun java_desktop_system 2003
gnu a2ps 4.13
sun java_desktop_system 2.0
suse suse_linux 8
suse suse_linux 8.1
suse suse_linux 8.2
suse suse_linux 9.0
gnu a2ps 4.13b
CVE-2004-1177 MEDIUM

Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.0.5
gnu mailman 2.0.12
gnu mailman 2.0.7
gnu mailman 2.1
gnu mailman 1.1
gnu mailman 2.0.9
gnu mailman 2.0.13
gnu mailman 2.0.2
gnu mailman 2.0.10
gnu mailman 2.0.3
gnu mailman 2.1.2
gnu mailman 2.1b1
gnu mailman 2.0.4
gnu mailman 2.1.4
gnu mailman 2.0
gnu mailman 2.0.11
gnu mailman 2.1.3
gnu mailman 2.1.1
gnu mailman 2.0.1
gnu mailman 2.0.6
gnu mailman 2.0.8
gnu mailman 1.0
CVE-2004-1184 MEDIUM

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 6.3
gnu enscript 1.6.3
gnu enscript 1.5
suse suse_linux 7.0
suse suse_linux 6.4
suse suse_linux 4.4
suse suse_linux 8.0
suse suse_linux 5.2
suse suse_linux 8.1
gnu enscript 1.4
suse suse_linux 1.0
suse suse_linux 6.1
suse suse_linux 4.0
suse suse_linux 9.1
suse suse_linux 5.3
redhat fedora_core core_2.0
suse suse_linux 4.3
gnu enscript 1.6.4
suse suse_linux 4.2
suse suse_linux 5.0
suse suse_linux 6.2
suse suse_linux 7.2
suse suse_linux 9.2
suse suse_linux 2.0
sgi propack 3.0
suse suse_linux 9.0
redhat fedora_core core_3.0
gnu enscript 1.6
suse suse_linux 5.1
suse suse_linux 6.0
gnu enscript 1.6.1
gnu enscript 1.6.2
suse suse_linux 7.1
suse suse_linux 8.2
suse suse_linux 4.4.1
suse suse_linux 7.3
suse suse_linux 3.0
CVE-2004-1185 HIGH

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu enscript 1.6.3
gnu enscript 1.6.1
gnu enscript 1.6.0
gnu enscript 1.5.0
gnu enscript 1.6.2
gnu enscript 1.3.0
gnu enscript 1.4.0
CVE-2004-1186 MEDIUM

Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu enscript 1.6.3
CVE-2004-1337 HIGH

The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 10.0
ubuntu ubuntu_linux 4.1
gnu realtime_linux_security_module 0.8.7
CVE-2004-1349 LOW

gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-269,

Products Affected

Vendor Product Version
gnu gzip *
oracle solaris 8
CVE-2004-1377 LOW

The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
turbolinux turbolinux_server 8.0
turbolinux turbolinux_workstation 8.0
turbolinux turbolinux_server 7.0
turbolinux turbolinux_workstation 7.0
gnu a2ps 4.13
turbolinux turbolinux_home *
gnu a2ps 4.13b
CVE-2004-1382 LOW

The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu glibc 2.2.1
gnu glibc 2.3.10
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.2
gnu glibc 2.3.4
gnu glibc 2.0.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.2.2
gnu glibc 2.0.6
gnu glibc 2.1.3.10
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2004-1453 LOW

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu glibc 2.2.1
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.2
gnu glibc 2.3.4
gnu glibc 2.0.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.2.2
gnu glibc 2.0.6
gnu glibc 2.1.3.10
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2004-1487 MEDIUM

wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu wget 1.8.2
gnu wget 1.8
gnu wget 1.8.1
gnu wget 1.9.1
gnu wget 1.9
CVE-2004-1488 MEDIUM

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu wget 1.8.2
gnu wget 1.8
gnu wget 1.8.1
gnu wget 1.9.1
gnu wget 1.9
CVE-2004-1701 HIGH

Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu cfengine 2.0.3
gnu cfengine 2.0.4
gnu cfengine 2.0.2
gnu cfengine 2.1.0
gnu cfengine 2.0.0
gnu cfengine 2.0.6
gnu cfengine 2.0.7
gnu cfengine 2.1.7
gnu cfengine 2.0.1
gnu cfengine 2.0.5
gnu cfengine 2.0.8
CVE-2004-1702 MEDIUM

The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu cfengine 2.0.3
gnu cfengine 2.0.4
gnu cfengine 2.0.2
gnu cfengine 2.1.0
gnu cfengine 2.0.0
gnu cfengine 2.0.6
gnu cfengine 2.0.7
gnu cfengine 2.1.7
gnu cfengine 2.0.1
gnu cfengine 2.0.5
gnu cfengine 2.0.8
CVE-2004-1772 MEDIUM

Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu sharutils 4.2
gnu sharutils 4.2.1
CVE-2004-1773 HIGH

Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu sharutils 4.2
gnu sharutils 4.2.1
CVE-2004-2014 LOW

Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu wget 1.8.2
gnu wget 1.8
gnu wget 1.7
gnu wget 1.7.1
gnu wget 1.6
gnu wget 1.8.1
gnu wget 1.9.1
gnu wget 1.9
gnu wget 1.5.3
CVE-2004-2264 MEDIUM

Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu less 381
gnu less 382
gnu less 358
CVE-2004-2459 LOW

Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnubiff 1.0.6
gnu gnubiff 1.0.4
gnu gnubiff 1.2.0
gnu gnubiff 1.0.5
gnu gnubiff 1.0.10
gnu gnubiff 1.0.3
gnu gnubiff 1.0.7
gnu gnubiff 1.0.8
gnu gnubiff 1.0.9
CVE-2004-2460 MEDIUM

Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnubiff 1.0.6
gnu gnubiff 1.0.4
gnu gnubiff 1.2.0
gnu gnubiff 1.0.5
gnu gnubiff 1.0.10
gnu gnubiff 1.0.3
gnu gnubiff 1.0.7
gnu gnubiff 1.0.8
gnu gnubiff 1.0.9
gnu gnubiff 1.4.0
CVE-2004-2461 HIGH

Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnubiff 1.0.6
gnu gnubiff 1.0.4
gnu gnubiff 1.2.0
gnu gnubiff 1.0.5
gnu gnubiff 1.0.10
gnu gnubiff 1.0.3
gnu gnubiff 1.0.7
gnu gnubiff 1.0.8
gnu gnubiff 1.0.9
gnu gnubiff 1.4.0
CVE-2004-2531 HIGH

X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnutls 1.0.16
CVE-2005-0080 MEDIUM

The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.1.5
ubuntu ubuntu_linux 4.10
CVE-2005-0100 HIGH

Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu emacs 21.3
gnu emacs *
gnu xemacs *
CVE-2005-0202 MEDIUM

Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.1.4
gnu mailman 2.1.5
gnu mailman 2.1
gnu mailman 2.1.3
gnu mailman 2.1.1
gnu mailman 2.1.2
gnu mailman 2.1b1
CVE-2005-0758 MEDIUM

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canonical ubuntu_linux 4.10
canonical ubuntu_linux 5.04
gnu gzip *
CVE-2005-0988 LOW

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gzip 1.2.4
redhat enterprise_linux_desktop 4.0
turbolinux turbolinux_appliance_server 1.0_hosting
turbolinux turbolinux_workstation 8.0
trustix secure_linux 2.2
turbolinux turbolinux_server 7.0
redhat enterprise_linux 2.1
trustix secure_linux 2.0
freebsd freebsd 4.6
freebsd freebsd 5.4
freebsd freebsd 4.1
ubuntu ubuntu_linux 5.04
freebsd freebsd 4.10
redhat enterprise_linux 4.0
turbolinux turbolinux_workstation 7.0
redhat linux_advanced_workstation 2.1
trustix secure_linux 2.1
redhat enterprise_linux 3.0
freebsd freebsd 5.0
freebsd freebsd 4.6.2
freebsd freebsd 4.11
freebsd freebsd 5.1
gentoo linux *
freebsd freebsd 4.4
turbolinux turbolinux_desktop 10.0
freebsd freebsd 5.2.1
freebsd freebsd 5.3
freebsd freebsd 4.7
gnu gzip 1.3.3
freebsd freebsd 4.0
redhat enterprise_linux_desktop 3.0
freebsd freebsd 4.3
freebsd freebsd 4.5
turbolinux turbolinux_server 8.0
gnu gzip 1.2.4a
freebsd freebsd 4.9
freebsd freebsd 5.2
turbolinux turbolinux_home *
freebsd freebsd 4.1.1
freebsd freebsd 4.8
turbolinux turbolinux_server 10.0
turbolinux turbolinux_appliance_server 1.0_workgroup
ubuntu ubuntu_linux 4.1
freebsd freebsd 4.2
CVE-2005-0990 LOW

unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu sharutils 4.2.1
CVE-2005-1039 LOW

Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu coreutils 5.2.1
CVE-2005-1111 LOW

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,CWE-367,

Products Affected

Vendor Product Version
debian debian_linux 3.1
debian debian_linux 3.0
canonical ubuntu_linux 4.10
canonical ubuntu_linux 5.04
gnu cpio *
CVE-2005-1228 MEDIUM

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gzip 1.2.4
gnu gzip 1.3.3
CVE-2005-1229 MEDIUM

Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu cpio *
CVE-2005-1431 MEDIUM

The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.18
gnu gnutls 1.2.1
gnu gnutls 1.0.23
gnu gnutls 1.2.2
gnu gnutls 1.0.22
gnu gnutls 1.0.24
gnu gnutls 1.2.0
gnu gnutls 1.0.21
CVE-2005-1520 HIGH

Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailutils 0.6
gnu mailutils 0.5
CVE-2005-1521 HIGH

Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailutils 0.6
gnu mailutils 0.5
CVE-2005-1522 MEDIUM

The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailutils 0.6
gnu mailutils 0.5
CVE-2005-1523 HIGH

Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailutils 0.6
gnu mailutils 0.5
CVE-2005-1704 MEDIUM

Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu gdb *
CVE-2005-1705 HIGH

gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gdb *
CVE-2005-1824 HIGH

The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailutils 1.0.6.1.1
CVE-2005-1918 LOW

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
gnu tar 1.13.25
redhat enterprise_linux 2.1
redhat linux_advanced_workstation 2.1
redhat enterprise_linux 3.0
redhat enterprise_linux_desktop 3.0
CVE-2005-2180 LOW

gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnats 4.1.0
gnu gnats 4.0
CVE-2005-2397 MEDIUM

Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu phpbook 1.46
CVE-2005-2541 HIGH

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu tar 1.15.1
CVE-2005-2878 HIGH

Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailutils 0.6
CVE-2005-2960 LOW

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu cfengine 2.0.4
gnu cfengine 1.6.5
gnu cfengine 2.1.9
gnu cfengine 2.1.16
gnu cfengine 2.0.6
gnu cfengine 2.0.7
gnu cfengine 2.1.7
gnu cfengine 2.0.1
gnu cfengine 2.0.5
gnu cfengine 1.5.3-4
gnu cfengine 2.0.3
debian debian_linux 3.1
gnu cfengine 2.0.2
gnu cfengine 2.1.8
gnu cfengine 2.1.0
gnu cfengine 2.0.0
gnu cfengine 1.5
gnu cfengine 1.6
gnu cfengine 2.0.8
CVE-2005-3011 LOW

The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu texinfo *
CVE-2005-3123 MEDIUM

Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnump3d 2.9.1
gnu gnump3d 2.9.2
gnu gnump3d 2.9
gnu gnump3d 2.9.5
gnu gnump3d 2.9.4
gnu gnump3d 2.9.3
CVE-2005-3137 LOW

The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu cfengine 1.6.5
CVE-2005-3349 LOW

GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu gnump3d 2.9.1
gnu gnump3d 2.9.2
gnu gnump3d 2.9
gnu gnump3d 2.9.6
gnu gnump3d 2.9.5
gnu gnump3d 2.9.4
gnu gnump3d *
gnu gnump3d 2.9.3
CVE-2005-3355 MEDIUM

Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
gnu gnump3d 2.9.1
gnu gnump3d 2.9.2
gnu gnump3d 2.9
gnu gnump3d 2.9.6
gnu gnump3d 2.9.5
gnu gnump3d 2.9.4
gnu gnump3d 2.9.7
gnu gnump3d 2.9.3
CVE-2005-3424 MEDIUM

Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnump3d 2.4
gnu gnump3d 2.9.1
gnu gnump3d 2.5
gnu gnump3d 2.2
gnu gnump3d 2.7
gnu gnump3d 2.5b
gnu gnump3d 2.3
gnu gnump3d 2.9.2
gnu gnump3d 2.9
gnu gnump3d 2.0
gnu gnump3d 2.8
gnu gnump3d 2.1
gnu gnump3d 2.9.4
gnu gnump3d 2.6
gnu gnump3d 2.9.3
CVE-2005-3425 MEDIUM

Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnump3d 2.4
gnu gnump3d 2.9.1
gnu gnump3d 2.5
gnu gnump3d 2.2
gnu gnump3d 2.7
gnu gnump3d 2.5b
gnu gnump3d 2.3
gnu gnump3d 2.9.2
gnu gnump3d 2.9
gnu gnump3d 2.0
gnu gnump3d 2.9.5
gnu gnump3d 2.8
gnu gnump3d 2.1
gnu gnump3d 2.9.4
gnu gnump3d 2.6
gnu gnump3d 2.9.3
CVE-2005-3573 MEDIUM

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.1.5
gnu mailman 2.1.5.8
gnu mailman 2.0.5
gnu mailman 2.0.12
gnu mailman 2.0.7
gnu mailman 2.1
gnu mailman 2.0.9
gnu mailman 2.0.13
gnu mailman 2.0.2
gnu mailman 2.0.10
gnu mailman 2.0.14
gnu mailman 2.0.3
gnu mailman 2.1.2
gnu mailman 2.0.4
gnu mailman 2.1.4
gnu mailman 2.0
gnu mailman 2.0.11
gnu mailman 2.1.3
gnu mailman 2.1.1
gnu mailman 2.0.1
gnu mailman 2.0.6
gnu mailman 2.0.8
CVE-2005-4153 HIGH

Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.1.4
gnu mailman 2.1.5
gnu mailman 2.1.6
CVE-2005-4268 LOW

Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu cpio 2.6-8
CVE-2005-4807 HIGH

Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 5.04
canonical ubuntu_linux 5.10
gnu binutils *
CVE-2005-4808 HIGH

Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canonical ubuntu_linux 5.10
gnu binutils *
CVE-2006-0049 MEDIUM

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu privacy_guard 1.4.1
gnu privacy_guard 1.4
gnu privacy_guard 1.2.4
gnu privacy_guard 1.2.6
gnu privacy_guard 1.0
gnu privacy_guard 1.4.2
gnu privacy_guard 1.0.2
gnu privacy_guard 1.0.3
gnu privacy_guard 1.3.4
gnu privacy_guard 1.0.1
gnu privacy_guard 1.2.7
gnu privacy_guard 1.3.3
gnu privacy_guard 1.2.3
gnu privacy_guard 1.0.4
gnu privacy_guard 1.0.7
gnu privacy_guard 1.2.2
gnu privacy_guard 1.0.3b
gnu privacy_guard 1.0.5
gnu privacy_guard 1.2.5
gnu privacy_guard 1.2
gnu privacy_guard 1.2.1
gnu privacy_guard 1.0.6
gnu privacy_guard 1.4.2.1
CVE-2006-0052 MEDIUM

The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.1.5
gnu mailman 2.0.5
gnu mailman 2.0.12
gnu mailman 2.0.7
gnu mailman 2.1.2
gnu mailman 2.1b1
gnu mailman 2.0.1
gnu mailman 2.0.8
gnu mailman 1.0
gnu mailman 2.1
gnu mailman 1.1
gnu mailman 2.0.9
gnu mailman 2.0.13
gnu mailman 2.0.2
gnu mailman 2.0.10
gnu mailman 2.0.14
gnu mailman 2.0.3
gnu mailman 2.0.4
gnu mailman 2.1.4
gnu mailman 2.0
gnu mailman 2.0.11
gnu mailman 2.1.3
gnu mailman 2.1.1
gnu mailman 2.0.6
CVE-2006-0075 HIGH

Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu phpbook 1.2
gnu phpbook 1.1
gnu phpbook *
gnu phpbook 1.3
gnu phpbook 1.0
CVE-2006-0300 MEDIUM

Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu tar 1.15.90
gnu tar 1.14
gnu tar 1.15.1
gnu tar 1.14.1
gnu tar 1.15
CVE-2006-0353 LOW

unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
gnu lsh 2.0.1
CVE-2006-0455 MEDIUM

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu privacy_guard 1.4.1
gnu privacy_guard 1.4
gnu privacy_guard 1.2.4
gnu privacy_guard 1.2.6
gnu privacy_guard 1.0
gnu privacy_guard 1.4.2
gnu privacy_guard 1.0.2
gnu privacy_guard 1.0.3
gnu privacy_guard 1.3.4
gnu privacy_guard 1.0.1
gnu privacy_guard 1.2.7
gnu privacy_guard 1.3.3
gnu privacy_guard 1.2.3
gnu privacy_guard 1.0.4
gnu privacy_guard 1.0.7
gnu privacy_guard 1.2.2
gnu privacy_guard 1.0.3b
gnu privacy_guard 1.0.5
gnu privacy_guard 1.2.5
gnu privacy_guard 1.2
gnu privacy_guard 1.2.1
gnu privacy_guard 1.0.6
CVE-2006-1712 LOW

Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman 2.1.7
CVE-2006-1902 LOW

fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value."

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu gcc 4.1
CVE-2006-2191 HIGH

Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu mailman *
CVE-2006-2362 HIGH

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2006-7239 MEDIUM

The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gnu gnutls 1.0.19
gnu gnutls 1.1.22
gnu gnutls 1.2.10
gnu gnutls 1.3.3
gnu gnutls 1.3.5
gnu gnutls 1.1.15
gnu gnutls 1.3.2
gnu gnutls 1.1.21
gnu gnutls 1.0.25
gnu gnutls 1.2.2
gnu gnutls 1.2.3
gnu gnutls 1.2.9
gnu gnutls 1.0.24
gnu gnutls 1.2.0
gnu gnutls 1.0.21
gnu gnutls 1.2.6
gnu gnutls 1.1.20
gnu gnutls 1.1.23
gnu gnutls 1.2.8.1a1
gnu gnutls 1.1.17
gnu gnutls *
gnu gnutls 1.2.1
gnu gnutls 1.2.11
gnu gnutls 1.1.19
gnu gnutls 1.0.22
gnu gnutls 1.2.5
gnu gnutls 1.2.4
gnu gnutls 1.3.4
gnu gnutls 1.1.14
gnu gnutls 1.0.18
gnu gnutls 1.1.13
gnu gnutls 1.2.7
gnu gnutls 1.0.20
gnu gnutls 1.2.8
gnu gnutls 1.0.17
gnu gnutls 1.0.23
gnu gnutls 1.3.1
gnu gnutls 1.4.0
gnu gnutls 1.1.18
gnu gnutls 1.0.16
gnu gnutls 1.1.16
gnu gnutls 1.3.0
CVE-2007-3048 HIGH

GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu screen 4.0.3
CVE-2007-3741 MEDIUM

The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gimp *
CVE-2008-1367 HIGH

gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
gnu gcc 4.3
CVE-2008-1685 MEDIUM

gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-189,

Products Affected

Vendor Product Version
gnu gcc 4.2.0
gnu gcc 4.2.1
gnu gcc 4.3.0
gnu gcc 4.2.3
gnu gcc 4.2.2
gnu gcc 4.2.4
CVE-2008-1948 HIGH

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu gnutls 2.3.4
gnu gnutls 1.1.21
gnu gnutls 2.2.4
gnu gnutls 1.1.17
gnu gnutls 1.7.10
gnu gnutls 1.1.19
gnu gnutls 1.0.22
gnu gnutls 1.4.2
gnu gnutls 1.7.12
gnu gnutls 2.3.9
gnu gnutls 2.3.1
gnu gnutls 1.1.14
gnu gnutls 1.0.18
gnu gnutls 2.1.2
gnu gnutls 2.3.3
gnu gnutls 2.0.1
gnu gnutls 1.6.0
gnu gnutls 1.5.3
gnu gnutls 1.1.13
gnu gnutls 1.4.0
gnu gnutls 1.7.9
gnu gnutls 1.7.3
gnu gnutls 1.1.16
gnu gnutls 2.1.8
gnu gnutls 1.1.15
gnu gnutls 1.3.2
gnu gnutls 1.2.2
gnu gnutls 1.6.1
gnu gnutls 1.2.0
gnu gnutls 2.1.4
gnu gnutls 2.3.2
gnu gnutls 1.0.21
gnu gnutls 1.1.20
gnu gnutls 1.1.23
gnu gnutls 2.2.3
gnu gnutls 2.0.4
gnu gnutls 1.2.1
gnu gnutls 2.3.0
gnu gnutls 1.2.4
gnu gnutls 1.4.3
gnu gnutls 1.3.4
gnu gnutls 1.7.11
gnu gnutls 2.2.1
gnu gnutls 1.2.7
gnu gnutls 2.3.5
gnu gnutls 1.0.20
gnu gnutls 1.2.8
gnu gnutls 2.3.11
gnu gnutls 2.3.7
gnu gnutls 1.0.23
gnu gnutls 1.3.1
gnu gnutls 2.1.6
gnu gnutls 1.5.5
gnu gnutls 1.7.0
gnu gnutls 1.7.8
gnu gnutls 2.1.3
gnu gnutls 1.7.1
gnu gnutls 1.6.3
gnu gnutls 1.4.5
gnu gnutls 1.7.15
gnu gnutls 1.3.3
gnu gnutls 1.3.5
gnu gnutls 1.2.9
gnu gnutls 1.0.24
gnu gnutls 1.5.4
gnu gnutls 1.2.6
gnu gnutls 2.0.3
gnu gnutls 1.7.4
gnu gnutls 2.2.2
gnu gnutls 2.1.7
gnu gnutls 1.2.5
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.17
gnu gnutls 1.4.4
gnu gnutls 1.7.13
gnu gnutls 2.3.10
gnu gnutls 2.0.2
gnu gnutls 1.7.2
gnu gnutls 1.1.18
gnu gnutls 2.0.0
gnu gnutls 2.2.0
gnu gnutls 2.1.1
gnu gnutls 2.3.6
gnu gnutls 1.0.19
gnu gnutls 1.1.22
gnu gnutls 1.2.10
gnu gnutls 1.4.1
gnu gnutls 1.5.1
gnu gnutls 1.0.25
gnu gnutls 1.2.3
gnu gnutls 1.7.14
gnu gnutls 1.7.18
gnu gnutls 1.2.11
gnu gnutls 2.1.0
gnu gnutls 2.3.8
gnu gnutls 1.5.0
gnu gnutls 1.7.16
gnu gnutls 1.7.19
gnu gnutls 2.2.5
gnu gnutls 1.6.2
gnu gnutls 1.7.5
gnu gnutls 1.3.0
gnu gnutls 1.5.2
gnu gnutls 2.1.5
CVE-2008-1949 HIGH

The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
gnu gnutls 2.3.4
gnu gnutls 1.1.21
gnu gnutls 2.2.4
gnu gnutls 1.1.17
gnu gnutls 1.7.10
gnu gnutls 1.1.19
gnu gnutls 1.0.22
gnu gnutls 1.4.2
gnu gnutls 1.7.12
gnu gnutls 2.3.9
gnu gnutls 2.3.1
gnu gnutls 1.1.14
gnu gnutls 1.0.18
gnu gnutls 2.1.2
gnu gnutls 2.3.3
gnu gnutls 2.0.1
gnu gnutls 1.6.0
gnu gnutls 1.5.3
gnu gnutls 1.1.13
gnu gnutls 1.4.0
gnu gnutls 1.7.9
gnu gnutls 1.7.3
gnu gnutls 1.1.16
gnu gnutls 2.1.8
gnu gnutls 1.1.15
gnu gnutls 1.3.2
gnu gnutls 1.2.2
gnu gnutls 1.6.1
gnu gnutls 1.2.0
gnu gnutls 2.1.4
gnu gnutls 2.3.2
gnu gnutls 1.0.21
gnu gnutls 1.1.20
gnu gnutls 1.1.23
gnu gnutls 2.2.3
gnu gnutls 2.0.4
gnu gnutls 1.2.1
gnu gnutls 2.3.0
gnu gnutls 1.2.4
gnu gnutls 1.4.3
gnu gnutls 1.3.4
gnu gnutls 1.7.11
gnu gnutls 2.2.1
gnu gnutls 1.2.7
gnu gnutls 2.3.5
gnu gnutls 1.0.20
gnu gnutls 1.2.8
gnu gnutls 2.3.11
gnu gnutls 2.3.7
gnu gnutls 1.0.23
gnu gnutls 1.3.1
gnu gnutls 2.1.6
gnu gnutls 1.5.5
gnu gnutls 1.7.0
gnu gnutls 1.7.8
gnu gnutls 2.1.3
gnu gnutls 1.7.1
gnu gnutls 1.6.3
gnu gnutls 1.4.5
gnu gnutls 1.7.15
gnu gnutls 1.3.3
gnu gnutls 1.3.5
gnu gnutls 1.2.9
gnu gnutls 1.0.24
gnu gnutls 1.5.4
gnu gnutls 1.2.6
gnu gnutls 2.0.3
gnu gnutls 1.7.4
gnu gnutls 2.2.2
gnu gnutls 2.1.7
gnu gnutls 1.2.5
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.17
gnu gnutls 1.4.4
gnu gnutls 1.7.13
gnu gnutls 2.3.10
gnu gnutls 2.0.2
gnu gnutls 1.7.2
gnu gnutls 1.1.18
gnu gnutls 2.0.0
gnu gnutls 2.2.0
gnu gnutls 2.1.1
gnu gnutls 2.3.6
gnu gnutls 1.0.19
gnu gnutls 1.1.22
gnu gnutls 1.2.10
gnu gnutls 1.4.1
gnu gnutls 1.5.1
gnu gnutls 1.0.25
gnu gnutls 1.2.3
gnu gnutls 1.7.14
gnu gnutls 1.7.18
gnu gnutls 1.2.11
gnu gnutls 2.1.0
gnu gnutls 2.3.8
gnu gnutls 1.5.0
gnu gnutls 1.7.16
gnu gnutls 1.7.19
gnu gnutls 2.2.5
gnu gnutls 1.6.2
gnu gnutls 1.7.5
gnu gnutls 1.3.0
gnu gnutls 1.5.2
gnu gnutls 2.1.5
CVE-2008-1950 MEDIUM

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu gnutls 2.3.4
gnu gnutls 1.1.21
gnu gnutls 2.2.4
gnu gnutls 1.1.17
gnu gnutls 1.7.10
gnu gnutls 1.1.19
gnu gnutls 1.0.22
gnu gnutls 1.4.2
gnu gnutls 1.7.12
gnu gnutls 2.3.9
gnu gnutls 2.3.1
gnu gnutls 1.1.14
gnu gnutls 1.0.18
gnu gnutls 2.1.2
gnu gnutls 2.3.3
gnu gnutls 2.0.1
gnu gnutls 1.6.0
gnu gnutls 1.5.3
gnu gnutls 1.1.13
gnu gnutls 1.4.0
gnu gnutls 1.7.9
gnu gnutls 1.7.3
gnu gnutls 1.1.16
gnu gnutls 2.1.8
gnu gnutls 1.1.15
gnu gnutls 1.3.2
gnu gnutls 1.2.2
gnu gnutls 1.6.1
gnu gnutls 1.2.0
gnu gnutls 2.1.4
gnu gnutls 2.3.2
gnu gnutls 1.0.21
gnu gnutls 1.1.20
gnu gnutls 1.1.23
gnu gnutls 2.2.3
gnu gnutls 2.0.4
gnu gnutls 1.2.1
gnu gnutls 2.3.0
gnu gnutls 1.2.4
gnu gnutls 1.4.3
gnu gnutls 1.3.4
gnu gnutls 1.7.11
gnu gnutls 2.2.1
gnu gnutls 1.2.7
gnu gnutls 2.3.5
gnu gnutls 1.0.20
gnu gnutls 1.2.8
gnu gnutls 2.3.11
gnu gnutls 2.3.7
gnu gnutls 1.0.23
gnu gnutls 1.3.1
gnu gnutls 2.1.6
gnu gnutls 1.5.5
gnu gnutls 1.7.0
gnu gnutls 1.7.8
gnu gnutls 2.1.3
gnu gnutls 1.7.1
gnu gnutls 1.6.3
gnu gnutls 1.4.5
gnu gnutls 1.7.15
gnu gnutls 1.3.3
gnu gnutls 1.3.5
gnu gnutls 1.2.9
gnu gnutls 1.0.24
gnu gnutls 1.5.4
gnu gnutls 1.2.6
gnu gnutls 2.0.3
gnu gnutls 1.7.4
gnu gnutls 2.2.2
gnu gnutls 2.1.7
gnu gnutls 1.2.5
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.17
gnu gnutls 1.4.4
gnu gnutls 1.7.13
gnu gnutls 2.3.10
gnu gnutls 2.0.2
gnu gnutls 1.7.2
gnu gnutls 1.1.18
gnu gnutls 2.0.0
gnu gnutls 2.2.0
gnu gnutls 2.1.1
gnu gnutls 2.3.6
gnu gnutls 1.0.19
gnu gnutls 1.1.22
gnu gnutls 1.2.10
gnu gnutls 1.4.1
gnu gnutls 1.5.1
gnu gnutls 1.0.25
gnu gnutls 1.2.3
gnu gnutls 1.7.14
gnu gnutls 1.7.18
gnu gnutls 1.2.11
gnu gnutls 2.1.0
gnu gnutls 2.3.8
gnu gnutls 1.5.0
gnu gnutls 1.7.16
gnu gnutls 1.7.19
gnu gnutls 2.2.5
gnu gnutls 1.6.2
gnu gnutls 1.7.5
gnu gnutls 1.3.0
gnu gnutls 1.5.2
gnu gnutls 2.1.5
CVE-2008-4100 MEDIUM

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
gnu adns 1.0
gnu adns 1.3
gnu adns 1.2
gnu adns 0.1
gnu adns 0.3
gnu adns 0.4
gnu adns 0.5
gnu adns 0.7
gnu adns *
gnu adns 1.1
gnu adns 0.8
gnu adns 0.2
gnu adns 0.6
gnu adns 0.9
CVE-2008-4989 MEDIUM

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
canonical ubuntu_linux 7.10
debian debian_linux 4.0
suse linux_enterprise_server 10
canonical ubuntu_linux 6.06
suse linux_enterprise 11.0
opensuse opensuse *
gnu gnutls *
fedoraproject fedora 9
fedoraproject fedora 8
suse linux_enterprise_server 11
canonical ubuntu_linux 8.10
canonical ubuntu_linux 8.04
suse linux_enterprise 10.0
CVE-2009-1415 MEDIUM

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,

Products Affected

Vendor Product Version
gnu gnutls *
CVE-2009-2409 MEDIUM

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
gnu gnutls 2.3.4
gnu gnutls 1.1.21
openssl openssl 0.9.8e
mozilla nss 3.12
openssl openssl 0.9.8k
gnu gnutls 2.2.4
mozilla nss 3.7.5
gnu gnutls 1.2.8.1a1
gnu gnutls 1.1.17
gnu gnutls 1.7.10
gnu gnutls 1.1.19
gnu gnutls 1.0.22
gnu gnutls 1.4.2
gnu gnutls 1.7.12
mozilla nss 3.10
mozilla nss 3.6.1
gnu gnutls 2.3.9
gnu gnutls 2.4.1
gnu gnutls 2.3.1
gnu gnutls 1.1.14
gnu gnutls 1.0.18
gnu gnutls 2.1.2
gnu gnutls 2.3.3
gnu gnutls 2.0.1
mozilla nss 3.3.1
gnu gnutls 1.6.0
mozilla nss 3.6
gnu gnutls 1.5.3
gnu gnutls 1.1.13
openssl openssl 0.9.8d
mozilla nss 3.11.2
gnu gnutls 1.4.0
gnu gnutls 1.7.9
mozilla nss 3.2.1
gnu gnutls 1.7.3
gnu gnutls 1.1.16
gnu gnutls 2.1.8
gnu gnutls 1.1.15
gnu gnutls 1.3.2
gnu gnutls 1.2.2
gnu gnutls 1.6.1
gnu gnutls 1.2.0
gnu gnutls 2.1.4
gnu gnutls 2.3.2
gnu gnutls 1.0.21
gnu gnutls 1.1.20
gnu gnutls 1.1.23
gnu gnutls 2.7.4
gnu gnutls 2.2.3
gnu gnutls 2.0.4
gnu gnutls *
gnu gnutls 1.2.1
gnu gnutls 2.3.0
gnu gnutls 1.2.4
mozilla nss 3.2
gnu gnutls 1.4.3
gnu gnutls 1.3.4
mozilla nss 3.0
gnu gnutls 1.7.11
mozilla firefox *
openssl openssl 0.9.8f
mozilla nss 3.8
gnu gnutls 2.2.1
gnu gnutls 1.2.7
gnu gnutls 2.3.5
gnu gnutls 1.0.20
gnu gnutls 1.2.8
gnu gnutls 2.3.11
gnu gnutls 2.3.7
mozilla nss 3.3
gnu gnutls 1.0.23
gnu gnutls 1.3.1
gnu gnutls 2.1.6
gnu gnutls 1.5.5
gnu gnutls 1.7.0
gnu gnutls 1.7.8
gnu gnutls 2.1.3
gnu gnutls 1.7.1
gnu gnutls 1.6.3
gnu gnutls 1.4.5
mozilla nss 3.7
gnu gnutls 1.7.15
gnu gnutls 1.3.3
gnu gnutls 1.3.5
mozilla nss 3.7.3
mozilla nss 3.11.8
gnu gnutls 1.2.9
gnu gnutls 1.0.24
gnu gnutls 1.5.4
gnu gnutls 1.2.6
mozilla nss 3.9
gnu gnutls 2.0.3
gnu gnutls 1.7.4
gnu gnutls 2.2.2
gnu gnutls 2.1.7
mozilla nss 3.7.2
openssl openssl 0.9.8g
gnu gnutls 1.2.5
mozilla nss 3.7.1
mozilla nss 3.11.7
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.17
mozilla nss *
gnu gnutls 1.4.4
openssl openssl 0.9.8c
openssl openssl 0.9.8h
mozilla nss 3.11.4
gnu gnutls 1.7.13
gnu gnutls 2.3.10
gnu gnutls 2.0.2
openssl openssl 0.9.8b
gnu gnutls 1.0.17
gnu gnutls 1.7.2
gnu gnutls 2.6.1
gnu gnutls 1.1.18
gnu gnutls 2.0.0
gnu gnutls 2.2.0
mozilla nss 3.4
gnu gnutls 2.1.1
gnu gnutls 2.3.6
gnu gnutls 1.0.19
gnu gnutls 1.1.22
gnu gnutls 1.2.10
openssl openssl *
gnu gnutls 1.4.1
gnu gnutls 1.5.1
mozilla nss 3.5
gnu gnutls 1.0.25
gnu gnutls 1.2.3
openssl openssl 0.9.8i
mozilla nss 3.4.3
mozilla nss 3.12.1
gnu gnutls 1.7.14
gnu gnutls 1.7.18
mozilla nss 3.7.7
gnu gnutls 1.2.11
gnu gnutls 2.1.0
openssl openssl 0.9.8
openssl openssl 0.9.8a
gnu gnutls 2.3.8
gnu gnutls 2.4.2
mozilla nss 3.4.2
gnu gnutls 1.5.0
gnu gnutls 1.7.16
gnu gnutls 2.4.0
gnu gnutls 2.6.0
mozilla nss 3.9.5
mozilla nss 3.4.1
openssl openssl 0.9.8j
mozilla network_security_services *
gnu gnutls 1.7.19
gnu gnutls 2.2.5
gnu gnutls 2.6.2
gnu gnutls 1.0.16
gnu gnutls 1.6.2
gnu gnutls 1.7.5
mozilla nss 3.3.2
gnu gnutls 1.3.0
gnu gnutls 1.5.2
gnu gnutls 2.1.5
gnu gnutls 2.5.0
CVE-2009-2624 MEDIUM

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu gzip 1.2.4
gnu gzip 1.3.2
gnu gzip 1.3
gnu gzip 1.3.1
gnu gzip 1.3.11
gnu gzip *
gnu gzip 1.3.8
gnu gzip 1.3.10
gnu gzip 1.3.3
gnu gzip 1.3.4
gnu gzip 1.3.5
gnu gzip 1.3.6
gnu gzip 1.2.4a
gnu gzip 1.3.9
gnu gzip 1.3.7
CVE-2009-3555 MEDIUM

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
debian debian_linux 4.0
openssl openssl *
mozilla nss *
canonical ubuntu_linux 10.10
debian debian_linux 7.0
fedoraproject fedora 11
fedoraproject fedora 12
canonical ubuntu_linux 9.10
debian debian_linux 5.0
f5 nginx *
canonical ubuntu_linux 9.04
fedoraproject fedora 13
canonical ubuntu_linux 10.04
gnu gnutls *
fedoraproject fedora 14
debian debian_linux 8.0
canonical ubuntu_linux 8.10
openssl openssl 1.0
apache http_server *
canonical ubuntu_linux 8.04
debian debian_linux 6.0
CVE-2009-4128 HIGH

GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
gnu grub_2 1.97
CVE-2009-4135 MEDIUM

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu coreutils 5.92
gnu coreutils 6.9
gnu coreutils 7.2
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
gnu coreutils 7.6
gnu coreutils 6.7
gnu coreutils 6.6
fedoraproject fedora 11
fedoraproject fedora 12
gnu coreutils 6.11
gnu coreutils 5.95
gnu coreutils 8.1
gnu coreutils 7.3
gnu coreutils 7.1
gnu coreutils 5.94
gnu coreutils 6.2
gnu coreutils 5.96
gnu coreutils 5.93
gnu coreutils 6.3
gnu coreutils 6.12
gnu coreutils 5.91
gnu coreutils 6.10
canonical ubuntu_linux 10.04
gnu coreutils 5.2.1
gnu coreutils 6.5
gnu coreutils 7.5
gnu coreutils 5.97
gnu coreutils 6.4
gnu coreutils 6.8
gnu coreutils 7.4
CVE-2009-4880 MEDIUM

Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 2.2.1
gnu glibc 2.3.10
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.6
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.5.1
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.3.2
gnu glibc 2.3.4
gnu glibc 2.0.1
gnu glibc 2.10
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.6.1
gnu glibc 2.2.2
gnu glibc 2.0.6
gnu glibc 2.5
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 2.3.5
gnu glibc 2.4
gnu glibc 2.9
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2009-4881 MEDIUM

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu glibc 1.03
gnu glibc 1.09
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 2.2.1
gnu glibc 1.04
gnu glibc 2.3.10
gnu glibc 1.07
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 1.05
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.6
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.5.1
gnu glibc 2.3
gnu glibc 1.08
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.3.2
gnu glibc 2.3.4
gnu glibc 1.01
gnu glibc 2.0.1
gnu glibc 2.1
gnu glibc 1.02
gnu glibc 2.1.2
gnu glibc 2.6.1
gnu glibc 1.00
gnu glibc 2.2.2
gnu glibc 2.0.6
gnu glibc 2.1.3.10
gnu glibc 2.5
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 1.06
gnu glibc 2.3.5
gnu glibc 2.4
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2009-5029 MEDIUM

Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu glibc 2.0.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.0.6
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.0.4
gnu glibc 2.1.3
gnu glibc 2.1.1.6
gnu glibc 2.0.3
gnu glibc 2.13
gnu glibc 2.0.5
gnu glibc 2.1.1
gnu glibc 2.1.9
CVE-2009-5044 LOW

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu groff 1.15
gnu groff 1.16
gnu groff 1.18.1
gnu groff 1.11a
gnu groff 1.17.2
gnu groff 1.19.1
gnu groff 1.20
gnu groff 1.14
gnu groff 1.11
gnu groff 1.19.2
gnu groff 1.10
gnu groff 1.19
apple mac_os_x *
gnu groff 1.16.1
gnu groff 1.17.1
gnu groff *
CVE-2009-5064 MEDIUM

ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu glibc 1.03
gnu glibc 1.09
gnu glibc 1.01
gnu glibc 2.0.1
gnu glibc 2.1
gnu glibc 1.02
gnu glibc 1.04
gnu glibc 2.1.2
gnu glibc 1.00
gnu glibc 2.0.6
gnu glibc 1.07
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 1.05
gnu glibc 2.0.4
gnu glibc 2.1.1.6
gnu glibc 1.06
gnu glibc 2.0.3
gnu glibc 1.08
gnu glibc 2.0.5
gnu glibc 2.1.1
gnu glibc 1.09.1
CVE-2009-5078 MEDIUM

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
gnu groff 1.15
gnu groff 1.16
gnu groff 1.18.1
gnu groff 1.11a
gnu groff 1.17.2
gnu groff 1.19.1
gnu groff 1.20
gnu groff 1.14
gnu groff 1.11
gnu groff 1.19.2
gnu groff 1.10
gnu groff 1.19
apple mac_os_x *
gnu groff 1.16.1
gnu groff 1.17.1
gnu groff *
CVE-2009-5079 LOW

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu groff 1.20.1
gnu groff 1.15
gnu groff 1.16
gnu groff 1.18.1
gnu groff 1.11a
gnu groff 1.17.2
gnu groff 1.19.1
gnu groff 1.20
gnu groff 1.14
gnu groff 1.11
gnu groff 1.19.2
gnu groff 1.10
gnu groff 1.19
gnu groff 1.16.1
gnu groff 1.17.1
gnu groff *
CVE-2009-5080 LOW

The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu groff 1.20.1
gnu groff 1.15
gnu groff 1.16
gnu groff 1.18.1
gnu groff 1.11a
gnu groff 1.17.2
gnu groff 1.19.1
gnu groff 1.20
gnu groff 1.14
gnu groff 1.11
gnu groff 1.19.2
gnu groff 1.10
gnu groff 1.19
gnu groff 1.16.1
gnu groff 1.17.1
gnu groff *
CVE-2009-5081 LOW

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu groff 1.20.1
gnu groff 1.15
gnu groff 1.16
gnu groff 1.18.1
gnu groff 1.11a
gnu groff 1.17.2
gnu groff 1.19.1
gnu groff 1.20
gnu groff 1.14
gnu groff 1.11
gnu groff 1.19.2
gnu groff 1.10
gnu groff 1.19
gnu groff 1.16.1
gnu groff 1.17.1
gnu groff *
CVE-2009-5082 LOW

The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu groff 1.20.1
CVE-2009-5155 MEDIUM

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
netapp steelstore_cloud_integrated_storage -
gnu glibc *
netapp cloud_backup *
CVE-2010-0001 MEDIUM

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu gzip 1.2.4
gnu gzip 1.3.2
gnu gzip 1.3
gnu gzip 1.3.1
gnu gzip 1.3.11
gnu gzip *
gnu gzip 1.3.8
gnu gzip 1.3.10
gnu gzip 1.3.3
gnu gzip 1.3.4
gnu gzip 1.3.5
gnu gzip 1.3.6
gnu gzip 1.3.12
gnu gzip 1.2.4a
gnu gzip 1.3.9
gnu gzip 1.3.7
CVE-2010-0296 HIGH

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 2.2.1
gnu glibc 2.3.10
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.6
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.5.1
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.3.2
gnu glibc 2.3.4
gnu glibc 2.0.1
gnu glibc 2.10
gnu glibc 2.10.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.6.1
gnu glibc 2.2.2
gnu glibc 2.0.6
gnu glibc 2.5
gnu glibc 2.11
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 2.3.5
gnu glibc 2.4
gnu glibc 2.9
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2010-0624 MEDIUM

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu tar 1.13
gnu cpio 2.5
gnu tar 1.16.1
gnu tar 1.13.14
gnu cpio *
gnu tar 1.14.90
gnu cpio 1.1
gnu tar 1.19
gnu tar *
gnu tar 1.15.90
gnu tar 1.14
gnu cpio 2.8
gnu tar 1.18
gnu cpio 2.9
gnu tar 1.13.18
gnu cpio 2.4-2
gnu tar 1.13.16
gnu tar 1.13.25
gnu tar 1.15.91
gnu tar 1.13.17
gnu tar 1.16
gnu cpio 1.2
gnu tar 1.14.1
gnu tar 1.21
gnu tar 1.13.11
gnu tar 1.17
gnu tar 1.15.1
gnu cpio 1.3
gnu cpio 2.6
gnu cpio 2.7
gnu tar 1.13.5
gnu tar 1.13.19
gnu tar 1.20
gnu tar 1.15
gnu cpio 1.0
gnu cpio 2.5.90
CVE-2010-0731 HIGH

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu gnutls 1.0.19
gnu gnutls 1.1.22
gnu gnutls 1.1.14
gnu gnutls 1.0.18
gnu gnutls 1.1.15
gnu gnutls 1.1.21
gnu gnutls 1.0.25
gnu gnutls 1.0.24
gnu gnutls 1.0.21
gnu gnutls 1.1.13
gnu gnutls 1.1.20
gnu gnutls 1.1.23
gnu gnutls 1.0.20
gnu gnutls 1.1.17
gnu gnutls *
gnu gnutls 1.0.17
gnu gnutls 1.0.23
gnu gnutls 1.1.19
gnu gnutls 1.0.22
gnu gnutls 1.1.18
gnu gnutls 1.0.16
gnu gnutls 1.1.16
CVE-2010-0825 MEDIUM

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu emacs 23.1
gnu emacs 22.2
gnu emacs 22.1
gnu emacs 22.3
CVE-2010-0830 MEDIUM

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 2.2.1
gnu glibc 2.3.10
gnu glibc 2.0.2
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.6
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.11.1
gnu glibc 2.5.1
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.3.2
gnu glibc 2.3.4
gnu glibc 2.0.1
gnu glibc 2.10
gnu glibc 2.10.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.6.1
gnu glibc 2.2.2
gnu glibc 2.0.6
gnu glibc 2.5
gnu glibc 2.11
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 2.3.5
gnu glibc 2.4
gnu glibc 2.9
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2010-1160 LOW

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu nano 2.0.4
gnu nano 2.1.99pre2
gnu nano 0.5.0
gnu nano 0.7.5
gnu nano 1.1.3
gnu nano 0.5.2
gnu nano 1.3.8
gnu nano 0.9.5
gnu nano 1.3.3
gnu nano 0.7.7
gnu nano 0.7.8
gnu nano 1.1.6
gnu nano 0.8.5
gnu nano 0.9.1
gnu nano 0.9.14
gnu nano 0.5.1
gnu nano 0.9.15
gnu nano 1.1.12
gnu nano 2.0.7
gnu nano 0.6.8
gnu nano 1.1.11
gnu nano 1.0.0
gnu nano 0.8.2
gnu nano 2.0.9
gnu nano 2.1.5
gnu nano *
gnu nano 0.8.8
gnu nano 0.6.5
gnu nano 1.0.3
gnu nano 1.0.1
gnu nano 1.1.2
gnu nano 0.6.7
gnu nano 2.0.8
gnu nano 0.9.10
gnu nano 0.9.19
gnu nano 0.9.21
gnu nano 0.9.8
gnu nano 1.0.4
gnu nano 0.5.3
gnu nano 0.9.13
gnu nano 1.3.9
gnu nano 0.6.3
gnu nano 1.0.5
gnu nano 0.9.0
gnu nano 1.3.4
gnu nano 2.1.3
gnu nano 0.8.3
gnu nano 2.2.0
gnu nano 1.2.4
gnu nano 1.0.2
gnu nano 1.2.3
gnu nano 1.9.99pre3
gnu nano 2.0.2
gnu nano 1.0.9
gnu nano 0.9.12
gnu nano 1.3.11
gnu nano 0.8.9
gnu nano 2.0.5
gnu nano 0.8.0
gnu nano 1.1.5
gnu nano 0.9.99pre1
gnu nano 1.1.99pre2
gnu nano 2.1.0
gnu nano 2.1.9
gnu nano 0.6.1
gnu nano 1.1.10
gnu nano 0.9.4
gnu nano 2.1.11
gnu nano 1.2.5
gnu nano 0.9.20
gnu nano 0.9.7
gnu nano 1.3.5
gnu nano 0.5.5
gnu nano 0.7.0
gnu nano 0.7.2
gnu nano 0.7.3
gnu nano 2.1.4
gnu nano 0.9.24
gnu nano 0.9.18
gnu nano 1.3.7
gnu nano 0.8.7
gnu nano 2.1.1
gnu nano 0.8.4
gnu nano 0.6.4
gnu nano 1.1.7
gnu nano 2.2.1
gnu nano 2.1.8
gnu nano 1.1.99pre3
gnu nano 0.7.1
gnu nano 0.6.9
gnu nano 0.9.17
gnu nano 0.9.22
gnu nano 0.9.16
gnu nano 0.8.6
gnu nano 2.1.2
gnu nano 1.1.9
gnu nano 2.1.99pre1
gnu nano 1.3.0
gnu nano 2.1.10
gnu nano 0.9.25
gnu nano 1.3.2
gnu nano 1.0.6
gnu nano 2.0.1
gnu nano 1.2.1
gnu nano 1.0.7
gnu nano 2.0.3
gnu nano 0.6.6
gnu nano 1.3.6
gnu nano 2.1.6
gnu nano 2.0.0
gnu nano 0.7.6
gnu nano 0.6.2
gnu nano 0.9.2
gnu nano 1.1.99pre1
gnu nano 2.1.7
gnu nano 0.9.99pre2
gnu nano 1.1.1
gnu nano 0.6.0
gnu nano 1.1.4
gnu nano 1.2.2
gnu nano 0.8.1
gnu nano 0.9.11
gnu nano 1.3.1
gnu nano 2.0.6
gnu nano 2.2.2
gnu nano 0.9.3
gnu nano 0.9.99pre3
gnu nano 1.0.8
gnu nano 1.9.99pre2
gnu nano 1.1.0
gnu nano 1.9.99pre1
gnu nano 1.1.8
gnu nano 0.9.6
gnu nano 1.3.10
gnu nano 0.5.4
gnu nano 0.7.9
gnu nano 0.9.9
gnu nano 1.2.0
gnu nano 0.7.4
gnu nano 1.3.12
gnu nano 0.9.23
CVE-2010-1161 LOW

Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
gnu nano 2.0.4
gnu nano 2.1.99pre2
gnu nano 0.5.0
gnu nano 0.7.5
gnu nano 1.1.3
gnu nano 0.5.2
gnu nano 1.3.8
gnu nano 0.9.5
gnu nano 1.3.3
gnu nano 0.7.7
gnu nano 0.7.8
gnu nano 1.1.6
gnu nano 0.8.5
gnu nano 0.9.1
gnu nano 0.9.14
gnu nano 0.5.1
gnu nano 0.9.15
gnu nano 1.1.12
gnu nano 2.0.7
gnu nano 0.6.8
gnu nano 1.1.11
gnu nano 1.0.0
gnu nano 0.8.2
gnu nano 2.0.9
gnu nano 2.1.5
gnu nano *
gnu nano 0.8.8
gnu nano 0.6.5
gnu nano 1.0.3
gnu nano 1.0.1
gnu nano 1.1.2
gnu nano 0.6.7
gnu nano 2.0.8
gnu nano 0.9.10
gnu nano 0.9.19
gnu nano 0.9.21
gnu nano 0.9.8
gnu nano 1.0.4
gnu nano 0.5.3
gnu nano 0.9.13
gnu nano 1.3.9
gnu nano 0.6.3
gnu nano 1.0.5
gnu nano 0.9.0
gnu nano 1.3.4
gnu nano 2.1.3
gnu nano 0.8.3
gnu nano 2.2.0
gnu nano 1.2.4
gnu nano 1.0.2
gnu nano 1.2.3
gnu nano 1.9.99pre3
gnu nano 2.0.2
gnu nano 1.0.9
gnu nano 0.9.12
gnu nano 1.3.11
gnu nano 0.8.9
gnu nano 2.0.5
gnu nano 0.8.0
gnu nano 1.1.5
gnu nano 0.9.99pre1
gnu nano 1.1.99pre2
gnu nano 2.1.0
gnu nano 2.1.9
gnu nano 0.6.1
gnu nano 1.1.10
gnu nano 0.9.4
gnu nano 2.1.11
gnu nano 1.2.5
gnu nano 0.9.20
gnu nano 0.9.7
gnu nano 1.3.5
gnu nano 0.5.5
gnu nano 0.7.0
gnu nano 0.7.2
gnu nano 0.7.3
gnu nano 2.1.4
gnu nano 0.9.24
gnu nano 0.9.18
gnu nano 1.3.7
gnu nano 0.8.7
gnu nano 2.1.1
gnu nano 0.8.4
gnu nano 0.6.4
gnu nano 1.1.7
gnu nano 2.2.1
gnu nano 2.1.8
gnu nano 1.1.99pre3
gnu nano 0.7.1
gnu nano 0.6.9
gnu nano 0.9.17
gnu nano 0.9.22
gnu nano 0.9.16
gnu nano 0.8.6
gnu nano 2.1.2
gnu nano 1.1.9
gnu nano 2.1.99pre1
gnu nano 1.3.0
gnu nano 2.1.10
gnu nano 0.9.25
gnu nano 1.3.2
gnu nano 1.0.6
gnu nano 2.0.1
gnu nano 1.2.1
gnu nano 1.0.7
gnu nano 2.0.3
gnu nano 0.6.6
gnu nano 1.3.6
gnu nano 2.1.6
gnu nano 2.0.0
gnu nano 0.7.6
gnu nano 0.6.2
gnu nano 0.9.2
gnu nano 1.1.99pre1
gnu nano 2.1.7
gnu nano 0.9.99pre2
gnu nano 1.1.1
gnu nano 0.6.0
gnu nano 1.1.4
gnu nano 1.2.2
gnu nano 0.8.1
gnu nano 0.9.11
gnu nano 1.3.1
gnu nano 2.0.6
gnu nano 2.2.2
gnu nano 0.9.3
gnu nano 0.9.99pre3
gnu nano 1.0.8
gnu nano 1.9.99pre2
gnu nano 1.1.0
gnu nano 1.9.99pre1
gnu nano 1.1.8
gnu nano 0.9.6
gnu nano 1.3.10
gnu nano 0.5.4
gnu nano 0.7.9
gnu nano 0.9.9
gnu nano 1.2.0
gnu nano 0.7.4
gnu nano 1.3.12
gnu nano 0.9.23
CVE-2010-2056 LOW

GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu gv *
gnu gv 3.6.2
gnu gv 3.5.8
gnu gv 3.6.5
gnu gv 3.6.0
gnu gv 3.6.6
gnu gv 3.6.1
gnu gv 3.6.7
gnu gv 3.6.8
gnu gv 3.6.4
gnu gv 3.6.3
CVE-2010-2252 MEDIUM

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu wget 1.8.2
gnu wget 1.10.1
gnu wget 1.11.4
gnu wget 1.8
gnu wget 1.7
gnu wget 1.7.1
gnu wget 1.6
gnu wget 1.10
gnu wget *
gnu wget 1.10.2
gnu wget 1.11.2
gnu wget 1.11
gnu wget 1.8.1
gnu wget 1.11.1
gnu wget 1.9.1
gnu wget 1.11.3
gnu wget 1.9
gnu wget 1.5.3
CVE-2010-3089 LOW

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
gnu mailman 2.1.5
gnu mailman 2.1
gnu mailman 2.1.11
gnu mailman *
gnu mailman 2.1.2
gnu mailman 2.1.8
gnu mailman 2.1.6
gnu mailman 2.1.4
gnu mailman 2.1.10
gnu mailman 2.1.12
gnu mailman 2.1.13
gnu mailman 2.1.9
gnu mailman 2.1.3
gnu mailman 2.1.1
gnu mailman 2.1.7
CVE-2010-3192 MEDIUM

Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2010-3847 MEDIUM

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu glibc 2.2.1
gnu glibc 1.07
gnu glibc *
gnu glibc 1.05
gnu glibc 2.6
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.11.1
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.12.1
gnu glibc 2.3.2
gnu glibc 2.10
gnu glibc 2.0.6
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 1.06
gnu glibc 2.10.2
gnu glibc 2.4
gnu glibc 1.09.1
gnu glibc 1.03
gnu glibc 1.09
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 1.04
gnu glibc 2.3.10
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.5.1
gnu glibc 1.08
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.3.4
gnu glibc 1.01
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.12.0
gnu glibc 2.1
gnu glibc 1.02
gnu glibc 2.1.2
gnu glibc 2.6.1
gnu glibc 1.00
gnu glibc 2.2.2
gnu glibc 2.1.3.10
gnu glibc 2.5
gnu glibc 2.11
gnu glibc 2.3.5
gnu glibc 2.9
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2010-3856 HIGH

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu glibc 2.2.1
gnu glibc 1.07
gnu glibc *
gnu glibc 1.05
gnu glibc 2.6
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.11.1
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.12.1
gnu glibc 2.3.2
gnu glibc 2.10
gnu glibc 2.0.6
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 1.06
gnu glibc 2.10.2
gnu glibc 2.4
gnu glibc 1.09.1
gnu glibc 1.03
gnu glibc 1.09
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 1.04
gnu glibc 2.3.10
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.5.1
gnu glibc 1.08
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.3.4
gnu glibc 1.01
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.12.0
gnu glibc 2.1
gnu glibc 1.02
gnu glibc 2.1.2
gnu glibc 2.6.1
gnu glibc 1.00
gnu glibc 2.2.2
gnu glibc 2.1.3.10
gnu glibc 2.5
gnu glibc 2.11
gnu glibc 2.3.5
gnu glibc 2.9
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2010-4051 MEDIUM

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnu glibc 1.03
gnu glibc 1.09
gnu glibc 1.04
gnu glibc 2.11.3
gnu glibc 1.07
gnu glibc 1.05
gnu glibc 2.11.2
gnu glibc 2.1.1.6
gnu glibc 2.11.1
gnu glibc 2.12.2
gnu glibc 1.08
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.12.1
gnu glibc 1.01
gnu glibc 2.10
gnu glibc 2.10.1
gnu glibc 2.12.0
gnu glibc 2.1
gnu glibc 1.02
gnu glibc 2.1.2
gnu glibc 1.00
gnu glibc 2.1.3.10
gnu glibc 2.11
gnu glibc 2.1.3
gnu glibc 1.06
gnu glibc 2.10.2
gnu glibc 1.09.1
CVE-2010-4052 MEDIUM

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
gnu glibc 1.03
gnu glibc 1.09
gnu glibc 1.04
gnu glibc 2.11.3
gnu glibc 1.07
gnu glibc 1.05
gnu glibc 2.11.2
gnu glibc 2.1.1.6
gnu glibc 2.11.1
gnu glibc 2.12.2
gnu glibc 1.08
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.12.1
gnu glibc 1.01
gnu glibc 2.10
gnu glibc 2.10.1
gnu glibc 2.12.0
gnu glibc 2.1
gnu glibc 1.02
gnu glibc 2.1.2
gnu glibc 1.00
gnu glibc 2.1.3.10
gnu glibc 2.11
gnu glibc 2.1.3
gnu glibc 1.06
gnu glibc 2.10.2
gnu glibc 1.09.1
CVE-2010-4226 MEDIUM

cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
gnu cpio *
opensuse opensuse 2007.05.10
opensuse opensuse 2010.07.28
CVE-2010-4337 LOW

The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu gnash 0.8.8
CVE-2010-4651 MEDIUM

Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
gnu gnu_patch 2.5.9
gnu gnu_patch 2.5.4
gnu gnu_patch 2.5
gnu gnu_patch *
gnu gnu_patch 2.6
CVE-2010-4756 MEDIUM

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2011-0536 MEDIUM

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_linux *
gnu glibc 2.5-49.el5_5.6
gnu glibc 2.12-1.7.el6_0.3
CVE-2011-0707 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
gnu mailman 2.1.5
gnu mailman 2.0.5
gnu mailman 2.0.12
gnu mailman 2.0.7
gnu mailman 2.1.11
gnu mailman *
gnu mailman 2.1.2
gnu mailman 2.1.8
gnu mailman 2.1b1
gnu mailman 2.1.6
gnu mailman 2.1.10
gnu mailman 2.0.1
gnu mailman 2.0.8
gnu mailman 1.0
gnu mailman 2.1.5.8
gnu mailman 2.1
gnu mailman 1.1
gnu mailman 2.0.9
gnu mailman 2.0.13
gnu mailman 2.0.2
gnu mailman 2.0.10
gnu mailman 2.0.14
gnu mailman 2.1.14
gnu mailman 2.0.3
gnu mailman 2.0.4
gnu mailman 2.1.4
gnu mailman 2.1.12
gnu mailman 2.1.13
gnu mailman 2.0
gnu mailman 2.1.9
gnu mailman 2.0.11
gnu mailman 2.1.3
gnu mailman 2.1.1
gnu mailman 2.0.6
gnu mailman 2.1.7
CVE-2011-1071 MEDIUM

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
gnu glibc 2.2.1
gnu glibc 2.11.3
gnu glibc 1.07
gnu glibc *
gnu glibc 1.05
gnu glibc 2.6
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.11.1
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.3.2
gnu glibc 2.10
gnu glibc 2.0.6
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 1.06
gnu glibc 2.10.2
gnu glibc 2.4
gnu glibc 1.09.1
gnu glibc 1.03
gnu glibc 1.09
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 1.04
gnu glibc 2.3.10
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.5.1
gnu glibc 1.08
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.3.4
gnu glibc 1.01
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.12.0
gnu glibc 2.1
gnu glibc 1.02
gnu glibc 2.1.2
gnu glibc 2.6.1
gnu glibc 1.00
gnu glibc 2.2.2
gnu glibc 2.1.3.10
gnu glibc 2.5
gnu glibc 2.11
gnu glibc 2.3.5
gnu glibc 2.9
gnu eglibc *
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2011-1089 LOW

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.

CVSS 2.0

Severity: LOW

Problem Type: CWE-16,

Products Affected

Vendor Product Version
gnu glibc 2.2.1
gnu glibc 2.11.3
gnu glibc 1.07
gnu glibc *
gnu glibc 1.05
gnu glibc 2.6
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.11.1
gnu glibc 2.12.2
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.12.1
gnu glibc 2.3.2
gnu glibc 2.10
gnu glibc 2.0.6
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 1.06
gnu glibc 2.10.2
gnu glibc 2.4
gnu glibc 1.09.1
gnu glibc 1.03
gnu glibc 1.09
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 1.04
gnu glibc 2.3.10
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.5.1
gnu glibc 1.08
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.3.4
gnu glibc 1.01
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.12.0
gnu glibc 2.1
gnu glibc 1.02
gnu glibc 2.1.2
gnu glibc 2.6.1
gnu glibc 1.00
gnu glibc 2.2.2
gnu glibc 2.1.3.10
gnu glibc 2.5
gnu glibc 2.11
gnu glibc 2.3.5
gnu glibc 2.9
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2011-1095 MEDIUM

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu glibc 2.2.1
gnu glibc 2.11.3
gnu glibc 1.07
gnu glibc *
gnu glibc 1.05
gnu glibc 2.6
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.11.1
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.12.1
gnu glibc 2.3.2
gnu glibc 2.10
gnu glibc 2.0.6
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 1.06
gnu glibc 2.10.2
gnu glibc 2.4
gnu glibc 1.09.1
gnu glibc 1.03
gnu glibc 1.09
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 1.04
gnu glibc 2.3.10
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.5.1
gnu glibc 1.08
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.3.4
gnu glibc 1.01
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.12.0
gnu glibc 2.1
gnu glibc 1.02
gnu glibc 2.1.2
gnu glibc 2.6.1
gnu glibc 1.00
gnu glibc 2.2.2
gnu glibc 2.1.3.10
gnu glibc 2.5
gnu glibc 2.11
gnu glibc 2.3.5
gnu glibc 2.9
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2011-1658 LOW

ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu glibc 2.2.1
gnu glibc 2.11.3
gnu glibc 1.07
gnu glibc *
gnu glibc 1.05
gnu glibc 2.6
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.11.1
gnu glibc 2.12.2
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.12.1
gnu glibc 2.3.2
gnu glibc 2.10
gnu glibc 2.0.6
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 1.06
gnu glibc 2.10.2
gnu glibc 2.4
gnu glibc 1.09.1
gnu glibc 1.03
gnu glibc 1.09
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 1.04
gnu glibc 2.3.10
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.5.1
gnu glibc 1.08
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.3.4
gnu glibc 1.01
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.12.0
gnu glibc 2.1
gnu glibc 1.02
gnu glibc 2.1.2
gnu glibc 2.6.1
gnu glibc 1.00
gnu glibc 2.2.2
gnu glibc 2.1.3.10
gnu glibc 2.5
gnu glibc 2.11
gnu glibc 2.3.5
gnu glibc 2.9
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2011-1659 MEDIUM

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu glibc 2.2.1
gnu glibc 2.11.3
gnu glibc 1.07
gnu glibc *
gnu glibc 1.05
gnu glibc 2.6
gnu glibc 2.1.1.6
gnu glibc 2.2
gnu glibc 2.11.1
gnu glibc 2.12.2
gnu glibc 2.3
gnu glibc 2.1.1
gnu glibc 2.12.1
gnu glibc 2.3.2
gnu glibc 2.10
gnu glibc 2.0.6
gnu glibc 2.1.3
gnu glibc 2.2.5
gnu glibc 1.06
gnu glibc 2.10.2
gnu glibc 2.4
gnu glibc 1.09.1
gnu glibc 1.03
gnu glibc 1.09
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 1.04
gnu glibc 2.3.10
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.2.3
gnu glibc 2.2.4
gnu glibc 2.0.3
gnu glibc 2.5.1
gnu glibc 1.08
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.3.4
gnu glibc 1.01
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.12.0
gnu glibc 2.1
gnu glibc 1.02
gnu glibc 2.1.2
gnu glibc 2.6.1
gnu glibc 1.00
gnu glibc 2.2.2
gnu glibc 2.1.3.10
gnu glibc 2.5
gnu glibc 2.11
gnu glibc 2.3.5
gnu glibc 2.9
gnu glibc 2.0.5
gnu glibc 2.3.1
CVE-2011-2702 MEDIUM

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
gnu glibc 2.12
gnu eglibc *
gnu glibc *
gnu glibc 2.12.1
CVE-2011-3771 MEDIUM

phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
gnu phpbook 2.1.0
CVE-2011-4128 MEDIUM

Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu gnutls 2.12.11
gnu gnutls 3.0.4
gnu gnutls 2.12.0
gnu gnutls 2.12.2
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.12.7
gnu gnutls 2.12.9
gnu gnutls 2.12.10
gnu gnutls 3.0.5
gnu gnutls 2.12.8
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 2.12.6
gnu gnutls 3.0.6
gnu gnutls 2.12.5
gnu gnutls 2.12.1
gnu gnutls 2.12.6.1
gnu gnutls 2.12.13
gnu gnutls 3.0.3
gnu gnutls 2.12.12
gnu gnutls 3.0.2
CVE-2011-4328 MEDIUM

plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu gnash 0.8.5
gnu gnash 0.8.9
gnu gnash *
gnu gnash 0.8.7
gnu gnash 0.8.8
CVE-2011-4355 MEDIUM

GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu gdb 6.1
gnu gdb 6.3
gnu gdb 6.2
gnu gdb 5.0.93
gnu gdb 6.7.1
gnu gdb 5.1
gnu gdb 5.1.1
gnu gdb 6.2.1
gnu gdb 6.8
gnu gdb 6.1.1
gnu gdb 7.0
gnu gdb 5.0.92
gnu gdb 6.0
gnu gdb 6.6
gnu gdb 7.4
gnu gdb 6.7
gnu gdb 7.0.1
gnu gdb 5.2
gnu gdb 7.2
gnu gdb 6.4
gnu gdb 4.18
gnu gdb 6.5
gnu gdb 7.1
gnu gdb 5.0
gnu gdb 7.3.1
gnu gdb 5.3
gnu gdb *
gnu gdb 7.3
gnu gdb 5.2.1
CVE-2011-4862 HIGH

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
opensuse opensuse 11.4
suse linux_enterprise_desktop 10
suse linux_enterprise_desktop 11
suse linux_enterprise_server 9
fedoraproject fedora 15
fedoraproject fedora 16
debian debian_linux 7.0
suse linux_enterprise_software_development_kit 10
mit krb5-appl *
freebsd freebsd *
suse linux_enterprise_software_development_kit 11
debian debian_linux 5.0
suse linux_enterprise_server 10
opensuse opensuse 11.3
gnu inetutils *
suse linux_enterprise_server 11
heimdal_project heimdal *
debian debian_linux 6.0
CVE-2011-5024 MEDIUM

Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
gnu mailman 2.1
gnu mailman 2.1.11
gnu mailman 2.0.13
gnu mailman 2.1.2
gnu mailman 2.1.8
gnu mailman 2.1.6
gnu mailman 2.1.4
gnu mailman 2.1.10
gnu mailman 2.1.12
gnu mailman 2.1.9
gnu mailman 2.1.3
gnu mailman 2.1.1
gnu mailman 2.1.7
CVE-2011-5320 LOW

scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2012-0035 HIGH

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu emacs 20.1
gnu emacs 20.3
gnu emacs 20.5
eric_m_ludlam cedet *
gnu emacs 23.1
gnu emacs 20.6
gnu emacs *
gnu emacs 20.4
gnu emacs 23.4
gnu emacs 22.3
gnu emacs 21
gnu emacs 21.1
gnu emacs 21.2
gnu emacs 22.2
gnu emacs 22.1
gnu emacs 21.2.1
gnu emacs 21.3.1
gnu emacs 20.0
gnu emacs 20.7
gnu emacs 21.3
gnu emacs 20.2
gnu emacs 23.2
eric_m_ludlam cedet 1.0
gnu emacs 21.4
CVE-2012-0390 MEDIUM

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gnu gnutls 2.12.0
gnu gnutls 2.12.2
gnu gnutls 2.12.7
gnu gnutls 2.6.4
gnu gnutls 2.10.5
gnu gnutls 2.2.4
gnu gnutls 3.0.5
gnu gnutls 2.8.2
gnu gnutls 2.6.6
gnu gnutls 2.12.6
gnu gnutls 2.10.5-x86
gnu gnutls 2.8.5
gnu gnutls 2.12.13
gnu gnutls 3.0.8
gnu gnutls 2.4.1
gnu gnutls 2.10.1-x86
gnu gnutls 3.0.9
gnu gnutls 2.10.2
gnu gnutls 3.0.4
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.12.8
gnu gnutls 3.0.7
gnu gnutls 2.6.1
gnu gnutls 2.12.6.1
gnu gnutls 2.12.11
gnu gnutls 2.4.3
gnu gnutls 2.8.0
gnu gnutls 2.12.10
gnu gnutls *
gnu gnutls 3.0.6
gnu gnutls 2.8.3
gnu gnutls 2.12.5
gnu gnutls 2.12.1
gnu gnutls 2.10.4
gnu gnutls 2.4.2
gnu gnutls 3.0.2
gnu gnutls 2.10.1
gnu gnutls 2.4.0
gnu gnutls 2.6.0
gnu gnutls 2.8.6
gnu gnutls 2.12.9
gnu gnutls 2.6.5
gnu gnutls 2.8.4
gnu gnutls 2.10.0
gnu gnutls 2.10.3
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 2.6.3
gnu gnutls 2.10.2-x86
gnu gnutls 2.12.14
gnu gnutls 2.2.5
gnu gnutls 2.6.2
gnu gnutls 3.0.3
gnu gnutls 2.8.1
gnu gnutls 2.12.12
CVE-2012-0864 MEDIUM

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu glibc 2.14
CVE-2012-1569 MEDIUM

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu gnutls 2.3.4
gnu libtasn1 2.10
gnu gnutls 1.1.21
gnu libtasn1 0.3.10
gnu libtasn1 0.2.9
gnu gnutls 2.10.5
gnu libtasn1 2.0
gnu gnutls 1.1.17
gnu gnutls 1.1.19
gnu gnutls 1.0.22
gnu gnutls 1.7.12
gnu libtasn1 2.8
gnu gnutls 2.3.9
gnu gnutls 2.4.1
gnu libtasn1 0.2.0
gnu gnutls 2.3.1
gnu gnutls 2.10.2
gnu gnutls 2.1.2
gnu gnutls 3.0.4
gnu gnutls 2.3.3
gnu libtasn1 2.4
gnu libtasn1 0.2.5
gnu libtasn1 2.3
gnu gnutls 1.1.13
gnu gnutls 3.0
gnu libtasn1 1.1
gnu libtasn1 0.3.9
gnu gnutls 1.4.0
gnu gnutls 2.1.8
gnu gnutls 2.4.3
gnu libtasn1 0.2.2
gnu gnutls 1.6.1
gnu libtasn1 *
gnu gnutls 2.1.4
gnu gnutls 1.0.21
gnu gnutls 1.1.20
gnu gnutls 2.7.4
gnu gnutls 2.2.3
gnu gnutls 2.0.4
gnu libtasn1 0.1.0
gnu gnutls 2.12.5
gnu libtasn1 0.1.1
gnu gnutls 1.2.4
gnu gnutls 1.4.3
gnu libtasn1 1.8
gnu gnutls 1.3.4
gnu gnutls 3.0.2
gnu gnutls 1.7.11
gnu libtasn1 2.6
gnu gnutls 2.8.4
gnu gnutls 2.10.0
gnu gnutls 3.0.13
gnu gnutls 1.2.7
gnu gnutls 3.0.1
gnu gnutls 1.2.8
gnu gnutls 2.3.11
gnu gnutls 2.3.7
gnu gnutls 2.6.3
gnu gnutls 1.0.23
gnu gnutls 2.12.14
gnu gnutls 1.7.0
gnu gnutls 1.7.8
gnu gnutls 1.7.1
gnu gnutls 2.12.12
gnu gnutls 3.0.14
gnu gnutls 1.7.15
gnu gnutls 1.3.3
gnu gnutls 1.3.5
gnu gnutls 2.12.0
gnu gnutls 1.2.9
gnu libtasn1 1.5
gnu gnutls 2.6.4
gnu libtasn1 0.2.3
gnu gnutls 1.5.4
gnu gnutls 1.2.6
gnu gnutls 2.6.6
gnu gnutls 2.12.6
gnu gnutls 2.1.7
gnu gnutls 1.2.5
gnu gnutls 3.0.8
gnu gnutls 3.0.9
gnu gnutls 1.7.7
gnu libtasn1 0.3.2
gnu gnutls 2.3.10
gnu gnutls 1.0.17
gnu gnutls 1.7.2
gnu gnutls 2.6.1
gnu gnutls 2.1.1
gnu gnutls 1.0.19
gnu gnutls 2.12.11
gnu gnutls 1.2.10
gnu gnutls 2.8.0
gnu libtasn1 0.2.16
gnu gnutls 1.4.1
gnu gnutls 1.0.25
gnu libtasn1 0.2.15
gnu libtasn1 1.7
gnu gnutls 1.7.18
gnu gnutls 2.12.10
gnu libtasn1 0.2.17
gnu libtasn1 0.2.8
gnu gnutls 2.1.0
gnu libtasn1 2.2
gnu libtasn1 0.2.18
gnu gnutls 2.3.8
gnu gnutls 1.5.0
gnu gnutls 1.7.16
gnu gnutls 2.4.0
gnu gnutls 2.6.0
gnu libtasn1 2.5
gnu gnutls 2.8.6
gnu gnutls 2.10.3
gnu libtasn1 2.1
gnu gnutls 3.0.0
gnu gnutls 2.2.5
gnu gnutls 2.6.2
gnu gnutls 1.6.2
gnu gnutls 1.7.5
gnu gnutls 3.0.3
gnu gnutls 2.1.5
gnu libtasn1 0.2.10
gnu gnutls 2.12.2
gnu libtasn1 0.3.4
gnu gnutls 2.2.4
gnu gnutls 3.0.5
gnu gnutls 1.2.8.1a1
gnu gnutls 1.7.10
gnu gnutls 1.4.2
gnu gnutls 2.12.13
gnu gnutls 1.1.14
gnu gnutls 1.0.18
gnu libtasn1 2.7
gnu gnutls 2.0.1
gnu gnutls 1.6.0
gnu gnutls 1.5.3
gnu libtasn1 1.6
gnu gnutls 3.0.7
gnu gnutls 1.7.9
gnu gnutls 1.7.3
gnu gnutls 2.12.6.1
gnu gnutls 1.1.16
gnu gnutls 1.1.15
gnu gnutls 1.3.2
gnu gnutls 1.2.2
gnu libtasn1 0.2.13
gnu gnutls 1.2.0
gnu gnutls 2.3.2
gnu gnutls 1.1.23
gnu gnutls *
gnu gnutls 1.2.1
gnu gnutls 2.8.3
gnu gnutls 2.12.1
gnu gnutls 2.3.0
gnu gnutls 3.0.10
gnu libtasn1 1.2
gnu libtasn1 0.3.8
gnu libtasn1 0.2.11
gnu gnutls 2.2.1
gnu gnutls 2.12.9
gnu gnutls 2.6.5
gnu gnutls 2.3.5
gnu gnutls 1.0.20
gnu gnutls 1.3.1
gnu gnutls 2.1.6
gnu gnutls 1.5.5
gnu gnutls 2.1.3
gnu gnutls 1.6.3
gnu libtasn1 0.3.0
gnu gnutls 1.4.5
gnu gnutls 3.0.11
gnu libtasn1 1.3
gnu libtasn1 1.0
gnu libtasn1 0.2.7
gnu gnutls 2.12.7
gnu gnutls 1.0.24
gnu gnutls 2.8.2
gnu libtasn1 0.3.6
gnu libtasn1 0.3.3
gnu gnutls 2.0.3
gnu gnutls 1.7.4
gnu gnutls 2.2.2
gnu gnutls 2.8.5
gnu libtasn1 2.9
gnu gnutls 1.7.6
gnu gnutls 1.7.17
gnu gnutls 1.4.4
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 1.7.13
gnu gnutls 2.12.8
gnu gnutls 2.0.2
gnu gnutls 1.1.18
gnu gnutls 2.0.0
gnu gnutls 2.2.0
gnu gnutls 2.3.6
gnu libtasn1 0.3.7
gnu libtasn1 0.2.12
gnu gnutls 1.1.22
gnu libtasn1 0.3.5
gnu gnutls 1.5.1
gnu gnutls 1.2.3
gnu gnutls 3.0.12
gnu gnutls 1.7.14
gnu libtasn1 1.4
gnu libtasn1 0.2.6
gnu gnutls 1.2.11
gnu gnutls 3.0.6
gnu gnutls 2.10.4
gnu gnutls 2.4.2
gnu gnutls 2.10.1
gnu libtasn1 0.2.4
gnu libtasn1 0.3.1
gnu gnutls 1.7.19
gnu gnutls 1.0.16
gnu gnutls 2.8.1
gnu libtasn1 0.2.1
gnu gnutls 1.3.0
gnu gnutls 1.5.2
gnu libtasn1 0.1.2
gnu gnutls 2.5.0
gnu libtasn1 0.2.14
CVE-2012-1573 MEDIUM

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gnu gnutls 2.12.15
gnu gnutls 3.0.11
gnu gnutls 2.3.4
gnu gnutls 2.12.0
gnu gnutls 2.12.2
gnu gnutls 2.12.7
gnu gnutls 2.6.4
gnu gnutls 2.10.5
gnu gnutls 2.2.4
gnu gnutls 3.0.5
gnu gnutls 2.8.2
gnu gnutls 2.6.6
gnu gnutls 2.0.3
gnu gnutls 2.12.6
gnu gnutls 2.2.2
gnu gnutls 2.1.7
gnu gnutls 2.8.5
gnu gnutls 2.12.13
gnu gnutls 3.0.8
gnu gnutls 2.3.9
gnu gnutls 2.4.1
gnu gnutls 3.0.9
gnu gnutls 2.3.1
gnu gnutls 2.10.2
gnu gnutls 2.1.2
gnu gnutls 3.0.4
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.3.3
gnu gnutls 2.0.1
gnu gnutls 2.12.8
gnu gnutls 2.3.10
gnu gnutls 3.0.7
gnu gnutls 3.0
gnu gnutls 2.0.2
gnu gnutls 2.6.1
gnu gnutls 2.0.0
gnu gnutls 2.12.6.1
gnu gnutls 2.2.0
gnu gnutls 2.1.1
gnu gnutls 2.3.6
gnu gnutls 2.12.11
gnu gnutls 2.1.8
gnu gnutls 2.4.3
gnu gnutls 2.8.0
gnu gnutls 3.0.12
gnu gnutls 2.1.4
gnu gnutls 2.3.2
gnu gnutls 2.12.10
gnu gnutls 2.7.4
gnu gnutls 2.2.3
gnu gnutls 2.0.4
gnu gnutls *
gnu gnutls 2.1.0
gnu gnutls 3.0.6
gnu gnutls 2.8.3
gnu gnutls 2.12.5
gnu gnutls 2.12.1
gnu gnutls 2.3.0
gnu gnutls 3.0.10
gnu gnutls 2.10.4
gnu gnutls 2.3.8
gnu gnutls 2.4.2
gnu gnutls 3.0.2
gnu gnutls 2.10.1
gnu gnutls 2.4.0
gnu gnutls 2.6.0
gnu gnutls 2.8.6
gnu gnutls 2.2.1
gnu gnutls 2.12.9
gnu gnutls 2.6.5
gnu gnutls 2.8.4
gnu gnutls 2.10.0
gnu gnutls 2.10.3
gnu gnutls 3.0.13
gnu gnutls 2.3.5
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 2.3.11
gnu gnutls 2.3.7
gnu gnutls 2.6.3
gnu gnutls 2.1.6
gnu gnutls 2.12.14
gnu gnutls 2.2.5
gnu gnutls 2.6.2
gnu gnutls 3.0.3
gnu gnutls 2.8.1
gnu gnutls 2.1.3
gnu gnutls 2.12.12
gnu gnutls 3.0.14
gnu gnutls 2.1.5
gnu gnutls 2.5.0
CVE-2012-1663 HIGH

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
gnu gnutls 2.3.4
gnu gnutls 1.1.21
gnu gnutls 2.12.2
gnu gnutls 2.10.5
gnu gnutls 2.2.4
gnu gnutls 3.0.5
gnu gnutls 1.2.8.1a1
gnu gnutls 1.1.17
gnu gnutls 1.7.10
gnu gnutls 1.1.19
gnu gnutls 1.0.22
gnu gnutls 1.4.2
gnu gnutls 1.7.12
gnu gnutls 2.12.13
gnu gnutls 2.3.9
gnu gnutls 2.4.1
gnu gnutls 2.3.1
gnu gnutls 1.1.14
gnu gnutls 2.10.2
gnu gnutls 1.0.18
gnu gnutls 2.1.2
gnu gnutls 3.0.4
gnu gnutls 2.3.3
gnu gnutls 2.0.1
gnu gnutls 1.6.0
gnu gnutls 1.5.3
gnu gnutls 1.1.13
gnu gnutls 3.0.7
gnu gnutls 3.0
gnu gnutls 1.4.0
gnu gnutls 1.7.9
gnu gnutls 1.7.3
gnu gnutls 2.12.6.1
gnu gnutls 1.1.16
gnu gnutls 2.1.8
gnu gnutls 2.4.3
gnu gnutls 1.1.15
gnu gnutls 1.3.2
gnu gnutls 1.2.2
gnu gnutls 1.6.1
gnu gnutls 1.2.0
gnu gnutls 2.1.4
gnu gnutls 2.3.2
gnu gnutls 1.0.21
gnu gnutls 1.1.20
gnu gnutls 1.1.23
gnu gnutls 2.7.4
gnu gnutls 2.2.3
gnu gnutls 2.0.4
gnu gnutls *
gnu gnutls 1.2.1
gnu gnutls 2.8.3
gnu gnutls 2.12.5
gnu gnutls 2.12.1
gnu gnutls 2.3.0
gnu gnutls 1.2.4
gnu gnutls 3.0.10
gnu gnutls 1.4.3
gnu gnutls 1.3.4
gnu gnutls 3.0.2
gnu gnutls 1.7.11
gnu gnutls 2.2.1
gnu gnutls 2.12.9
gnu gnutls 2.6.5
gnu gnutls 2.8.4
gnu gnutls 2.10.0
gnu gnutls 1.2.7
gnu gnutls 2.3.5
gnu gnutls 1.0.20
gnu gnutls 3.0.1
gnu gnutls 1.2.8
gnu gnutls 2.3.11
gnu gnutls 2.3.7
gnu gnutls 2.6.3
gnu gnutls 1.0.23
gnu gnutls 1.3.1
gnu gnutls 2.1.6
gnu gnutls 2.12.14
gnu gnutls 1.5.5
gnu gnutls 1.7.0
gnu gnutls 1.7.8
gnu gnutls 2.1.3
gnu gnutls 1.7.1
gnu gnutls 2.12.12
gnu gnutls 1.6.3
gnu gnutls 1.4.5
gnu gnutls 1.7.15
gnu gnutls 1.3.3
gnu gnutls 3.0.11
gnu gnutls 1.3.5
gnu gnutls 2.12.0
gnu gnutls 1.2.9
gnu gnutls 2.12.7
gnu gnutls 1.0.24
gnu gnutls 2.6.4
gnu gnutls 1.5.4
gnu gnutls 2.8.2
gnu gnutls 1.2.6
gnu gnutls 2.6.6
gnu gnutls 2.0.3
gnu gnutls 2.12.6
gnu gnutls 1.7.4
gnu gnutls 2.2.2
gnu gnutls 2.1.7
gnu gnutls 2.8.5
gnu gnutls 1.2.5
gnu gnutls 3.0.8
gnu gnutls 1.7.6
gnu gnutls 3.0.9
gnu gnutls 1.7.7
gnu gnutls 1.7.17
gnu gnutls 1.4.4
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 1.7.13
gnu gnutls 2.12.8
gnu gnutls 2.3.10
gnu gnutls 2.0.2
gnu gnutls 1.0.17
gnu gnutls 1.7.2
gnu gnutls 2.6.1
gnu gnutls 1.1.18
gnu gnutls 2.0.0
gnu gnutls 2.2.0
gnu gnutls 2.1.1
gnu gnutls 2.3.6
gnu gnutls 1.0.19
gnu gnutls 1.1.22
gnu gnutls 2.12.11
gnu gnutls 1.2.10
gnu gnutls 2.8.0
gnu gnutls 1.4.1
gnu gnutls 1.5.1
gnu gnutls 1.0.25
gnu gnutls 1.2.3
gnu gnutls 3.0.12
gnu gnutls 1.7.14
gnu gnutls 1.7.18
gnu gnutls 2.12.10
gnu gnutls 1.2.11
gnu gnutls 2.1.0
gnu gnutls 3.0.6
gnu gnutls 2.10.4
gnu gnutls 2.3.8
gnu gnutls 2.4.2
gnu gnutls 1.5.0
gnu gnutls 1.7.16
gnu gnutls 2.10.1
gnu gnutls 2.4.0
gnu gnutls 2.6.0
gnu gnutls 2.8.6
gnu gnutls 2.10.3
gnu gnutls 3.0.0
gnu gnutls 1.7.19
gnu gnutls 2.2.5
gnu gnutls 2.6.2
gnu gnutls 1.0.16
gnu gnutls 1.6.2
gnu gnutls 1.7.5
gnu gnutls 3.0.3
gnu gnutls 2.8.1
gnu gnutls 1.3.0
gnu gnutls 1.5.2
gnu gnutls 2.1.5
gnu gnutls 2.5.0
CVE-2012-3386 MEDIUM

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,CWE-362,

Products Affected

Vendor Product Version
gnu automake 1.6
gnu automake 1.9.4
gnu automake 1.3
gnu automake 1.11.2
gnu automake 1.11.3
gnu automake 1.6.1
gnu automake 1.7.2
gnu automake 1.7.9
gnu automake 1.7.1
gnu automake 1.7.4
gnu automake 1.7
gnu automake 1.7.7
gnu automake 1.0
gnu automake 1.9.3
gnu automake 1.7.3
gnu automake 1.8.2
gnu automake 1.9.5
gnu automake 1.6.3
gnu automake 1.9.6
gnu automake 1.11.4
gnu automake 1.4
gnu automake 1.12.1
gnu automake 1.8.4
gnu automake 1.9
gnu automake 1.10.1
gnu automake 1.10.3
gnu automake 1.8
gnu automake 1.7.8
gnu automake 1.8.1
gnu automake 1.12
gnu automake 1.9.2
gnu automake 1.9.1
gnu automake *
gnu automake 1.6.2
gnu automake 1.10
gnu automake 1.8.3
gnu automake 1.8.5
gnu automake 1.10.2
gnu automake 1.10.0.3
gnu automake 1.2
gnu automake 1.7.6
gnu automake 1.5
gnu automake 1.11.1
gnu automake 1.7.5
CVE-2012-3480 MEDIUM

Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu glibc 2.16
CVE-2012-3509 MEDIUM

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu libiberty -
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
debian debian_linux 7.0
gnu binutils *
CVE-2012-5667 MEDIUM

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu grep *
gnu grep 2.3
gnu grep 2.6.1
gnu grep 2.4
gnu grep 2.5.3
gnu grep 2.9
gnu grep 2.6.3
gnu grep 2.6.2
gnu grep 2.2
gnu grep 2.5
gnu grep 2.7
gnu grep 2.4.1
gnu grep 2.4.2
gnu grep 2.6
gnu grep 2.5.1
gnu grep 2.8
gnu grep 2.5.4
CVE-2012-6656 MEDIUM

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
debian debian_linux 7.0
gnu glibc *
CVE-2012-6711 MEDIUM

A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu bash *
redhat enterprise_linux 7.0
CVE-2013-0242 MEDIUM

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc 2.17
CVE-2013-1619 MEDIUM

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gnu gnutls 2.12.15
gnu gnutls 2.3.4
gnu gnutls 2.12.2
gnu gnutls 3.1.1
gnu gnutls 2.10.5
gnu gnutls 2.2.4
gnu gnutls 3.0.5
gnu gnutls 3.0.18
gnu gnutls 3.0.21
gnu gnutls 2.12.13
gnu gnutls 2.3.9
gnu gnutls 2.4.1
gnu gnutls 3.0.17
gnu gnutls 2.3.1
gnu gnutls 2.10.2
gnu gnutls 2.1.2
gnu gnutls 3.0.4
gnu gnutls 2.3.3
gnu gnutls 2.0.1
gnu gnutls 3.0.7
gnu gnutls 3.0
gnu gnutls 2.12.6.1
gnu gnutls 2.12.22
gnu gnutls 2.12.19
gnu gnutls 3.0.24
gnu gnutls 2.1.8
gnu gnutls 2.4.3
gnu gnutls 2.1.4
gnu gnutls 2.3.2
gnu gnutls 3.1.5
gnu gnutls 2.7.4
gnu gnutls 2.2.3
gnu gnutls 2.0.4
gnu gnutls 3.0.22
gnu gnutls 2.8.3
gnu gnutls 2.12.5
gnu gnutls 2.12.1
gnu gnutls 2.3.0
gnu gnutls 3.0.10
gnu gnutls 3.0.2
gnu gnutls 3.1.2
gnu gnutls 3.1.0
gnu gnutls 3.0.23
gnu gnutls 2.2.1
gnu gnutls 2.12.9
gnu gnutls 2.6.5
gnu gnutls 2.8.4
gnu gnutls 2.10.0
gnu gnutls 3.0.13
gnu gnutls 2.3.5
gnu gnutls 3.0.1
gnu gnutls 3.1.3
gnu gnutls 3.1.6
gnu gnutls 2.3.11
gnu gnutls 2.3.7
gnu gnutls 2.6.3
gnu gnutls 2.1.6
gnu gnutls 2.12.14
gnu gnutls 2.1.3
gnu gnutls 2.12.12
gnu gnutls 3.1.4
gnu gnutls 3.0.14
gnu gnutls 3.0.11
gnu gnutls 2.12.0
gnu gnutls 2.12.7
gnu gnutls 3.0.19
gnu gnutls 2.6.4
gnu gnutls 2.8.2
gnu gnutls 3.0.25
gnu gnutls 2.6.6
gnu gnutls 2.0.3
gnu gnutls 2.12.6
gnu gnutls 2.2.2
gnu gnutls 2.1.7
gnu gnutls 2.8.5
gnu gnutls 3.0.26
gnu gnutls 3.0.8
gnu gnutls 3.0.9
gnu gnutls 2.12.16
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.12.18
gnu gnutls 2.12.21
gnu gnutls 3.0.20
gnu gnutls 2.12.8
gnu gnutls 2.3.10
gnu gnutls 3.0.16
gnu gnutls 2.0.2
gnu gnutls 2.6.1
gnu gnutls 2.0.0
gnu gnutls 2.12.20
gnu gnutls 2.2.0
gnu gnutls 3.0.27
gnu gnutls 2.1.1
gnu gnutls 2.3.6
gnu gnutls 2.12.11
gnu gnutls 2.12.17
gnu gnutls 2.8.0
gnu gnutls 3.0.12
gnu gnutls 2.12.10
gnu gnutls 3.0.15
gnu gnutls 2.1.0
gnu gnutls 3.0.6
gnu gnutls 2.10.4
gnu gnutls 2.3.8
gnu gnutls 2.4.2
gnu gnutls 2.10.1
gnu gnutls 2.4.0
gnu gnutls 2.6.0
gnu gnutls 2.8.6
gnu gnutls 2.10.3
gnu gnutls 3.0.0
gnu gnutls 2.2.5
gnu gnutls 2.6.2
gnu gnutls 3.0.3
gnu gnutls 2.8.1
gnu gnutls 2.1.5
gnu gnutls 2.5.0
CVE-2013-1914 MEDIUM

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc 2.7
gnu glibc 2.8
gnu glibc 2.2.1
gnu glibc 2.14
gnu glibc 2.11.3
gnu glibc *
gnu glibc 2.11.2
gnu glibc 2.2.3
gnu glibc 2.6
gnu glibc 2.16
gnu glibc 2.2
gnu glibc 2.2.4
gnu glibc 2.11.1
gnu glibc 2.5.1
gnu glibc 2.12.2
gnu glibc 2.3
gnu glibc 2.13
gnu glibc 2.14.1
gnu glibc 2.3.3
gnu glibc 2.3.6
gnu glibc 2.12.1
gnu glibc 2.3.2
gnu glibc 2.3.4
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.6.1
gnu glibc 2.2.2
gnu glibc 2.0.6
gnu glibc 2.15
gnu glibc 2.5
gnu glibc 2.11
gnu glibc 2.2.5
gnu glibc 2.3.5
gnu glibc 2.4
gnu glibc 2.9
gnu glibc 2.3.1
CVE-2013-2116 MEDIUM

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu gnutls 2.12.23
CVE-2013-2207 LOW

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu glibc 2.14
gnu glibc 2.11.3
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.1.1.6
gnu glibc 2.16
gnu glibc 2.0.3
gnu glibc 2.11.1
gnu glibc 2.12.2
gnu glibc 2.13
gnu glibc 2.14.1
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.12.1
fedoraproject fedora 18
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.0.6
gnu glibc 2.15
gnu glibc 2.11
gnu glibc 2.1.3
gnu glibc 2.0.5
fedoraproject fedora 19
CVE-2013-4237 MEDIUM

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc 2.17
gnu glibc 2.14
gnu glibc 2.11.3
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.1.1.6
gnu glibc 2.16
gnu glibc 2.0.3
gnu glibc 2.11.1
gnu glibc 2.12.2
gnu glibc 2.13
gnu glibc 2.14.1
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.12.1
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.0.6
gnu glibc 2.15
gnu glibc 2.11
gnu glibc 2.1.3
gnu glibc 2.0.5
CVE-2013-4332 MEDIUM

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu glibc 2.17
gnu glibc 2.14
gnu glibc 2.11.3
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.1.1.6
gnu glibc 2.16
gnu glibc 2.0.3
gnu glibc 2.11.1
gnu glibc 2.12.2
gnu glibc 2.13
gnu glibc 2.14.1
gnu glibc 2.1.1
gnu glibc 2.1.9
redhat enterprise_linux 5
gnu glibc 2.12.1
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.0.6
gnu glibc 2.15
gnu glibc 2.11
gnu glibc 2.1.3
gnu glibc 2.0.5
CVE-2013-4458 MEDIUM

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc 2.17
gnu glibc 2.14
gnu glibc 2.11.3
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.1.1.6
gnu glibc 2.16
gnu glibc 2.0.3
gnu glibc 2.11.1
gnu glibc 2.12.2
suse linux_enterprise_server 11
gnu glibc 2.13
gnu glibc 2.14.1
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.12.1
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.0.6
gnu glibc 2.15
suse linux_enterprise_debuginfo 11
gnu glibc 2.11
gnu glibc 2.1.3
gnu glibc 2.0.5
CVE-2013-4466 MEDIUM

Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu gnutls 3.1.2
gnu gnutls 3.1.0
gnu gnutls 3.1.9
gnu gnutls 3.1.11
gnu gnutls 3.1.12
gnu gnutls 3.1.1
gnu gnutls 3.1.5
gnu gnutls 3.1.14
gnu gnutls 3.1.3
gnu gnutls 3.1.6
gnu gnutls 3.1.10
gnu gnutls 3.1.7
gnu gnutls 3.2.4
gnu gnutls 3.2.1
gnu gnutls 3.2.3
gnu gnutls 3.2.0
gnu gnutls 3.1.4
gnu gnutls 3.1.8
gnu gnutls 3.2.2
gnu gnutls 3.1.13
CVE-2013-4487 MEDIUM

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu gnutls 3.1.2
gnu gnutls 3.1.0
gnu gnutls 3.1.9
gnu gnutls 3.1.15
gnu gnutls 3.1.11
gnu gnutls 3.1.12
gnu gnutls 3.1.1
opensuse opensuse 13.1
gnu gnutls 3.1.5
gnu gnutls 3.1.14
gnu gnutls 3.1.3
gnu gnutls 3.1.6
gnu gnutls 3.1.10
gnu gnutls 3.1.7
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.2.1
gnu gnutls 3.2.3
gnu gnutls 3.2.0
gnu gnutls 3.1.4
gnu gnutls 3.1.8
gnu gnutls 3.2.2
gnu gnutls 3.1.13
CVE-2013-4577 LOW

A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu grub -
CVE-2013-4788 MEDIUM

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu glibc 2.14
gnu glibc 2.11.3
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.1.1.6
gnu glibc 2.16
gnu glibc 2.0.3
gnu glibc 2.11.1
gnu glibc 2.12.2
gnu glibc 2.13
gnu glibc 2.14.1
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.12.1
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.0.6
gnu glibc 2.15
gnu glibc 2.11
gnu glibc 2.1.3
gnu glibc 2.4
gnu eglibc *
gnu glibc 2.0.5
CVE-2013-6889 MEDIUM

GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu rush 1.7
CVE-2013-7038 MEDIUM

The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu libmicrohttpd 0.9.26
gnu libmicrohttpd 0.9.28
gnu libmicrohttpd 0.9.29
gnu libmicrohttpd 0.9.25
gnu libmicrohttpd 0.9.30
gnu libmicrohttpd *
gnu libmicrohttpd 0.9.24
gnu libmicrohttpd 0.9.27
gnu libmicrohttpd 0.9.22
gnu libmicrohttpd 0.9.18
gnu libmicrohttpd 0.9.23
gnu libmicrohttpd 0.9.19
gnu libmicrohttpd 0.9.20
gnu libmicrohttpd 0.9.17
gnu libmicrohttpd 0.9.21
gnu libmicrohttpd 0.9.16
CVE-2013-7039 MEDIUM

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu libmicrohttpd 0.9.26
gnu libmicrohttpd 0.9.28
gnu libmicrohttpd 0.9.29
gnu libmicrohttpd 0.9.25
gnu libmicrohttpd 0.9.30
gnu libmicrohttpd *
gnu libmicrohttpd 0.9.24
gnu libmicrohttpd 0.9.27
gnu libmicrohttpd 0.9.22
gnu libmicrohttpd 0.9.18
gnu libmicrohttpd 0.9.23
gnu libmicrohttpd 0.9.19
gnu libmicrohttpd 0.9.20
gnu libmicrohttpd 0.9.17
gnu libmicrohttpd 0.9.21
gnu libmicrohttpd 0.9.16
CVE-2013-7423 MEDIUM

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
canonical ubuntu_linux 10.04
redhat enterprise_linux_server_aus 6.5
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
opensuse opensuse 13.1
gnu glibc *
CVE-2013-7424 MEDIUM

The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2014-0092 MEDIUM

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gnu gnutls 3.1.20
gnu gnutls 3.1.15
gnu gnutls 3.2.8
gnu gnutls 3.2.6
gnu gnutls 3.1.11
gnu gnutls 3.2.8.1
gnu gnutls 3.1.12
gnu gnutls 3.1.1
gnu gnutls 3.1.5
gnu gnutls 3.1.19
gnu gnutls 3.1.10
gnu gnutls *
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.2.0
gnu gnutls 3.2.2
gnu gnutls 3.2.9
gnu gnutls 3.2.7
gnu gnutls 3.1.13
gnu gnutls 3.1.2
gnu gnutls 3.1.0
gnu gnutls 3.1.9
gnu gnutls 3.1.18
gnu gnutls 3.1.16
gnu gnutls 3.1.14
gnu gnutls 3.1.3
gnu gnutls 3.1.6
gnu gnutls 3.1.7
gnu gnutls 3.2.1
gnu gnutls 3.2.3
gnu gnutls 3.2.10
gnu gnutls 3.1.4
gnu gnutls 3.1.8
gnu gnutls 3.1.17
CVE-2014-0466 MEDIUM

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnu a2ps 4.14
CVE-2014-0475 MEDIUM

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
gnu glibc 2.12
gnu glibc 2.17
gnu glibc 2.14
gnu glibc 2.11.3
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.1.1.6
gnu glibc 2.16
gnu glibc 2.0.3
gnu glibc 2.11.1
gnu glibc 2.18
gnu glibc 2.12.2
gnu glibc 2.13
gnu glibc 2.14.1
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.12.1
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.0.6
gnu glibc 2.15
gnu glibc 2.11
gnu glibc 2.1.3
gnu glibc 2.0.5
CVE-2014-10375 MEDIUM

handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnu exosip *
CVE-2014-1959 MEDIUM

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu gnutls 3.1.15
gnu gnutls 3.2.8
gnu gnutls 3.2.6
gnu gnutls 3.1.11
gnu gnutls 3.2.8.1
gnu gnutls 3.1.12
gnu gnutls 3.1.1
gnu gnutls 3.1.5
gnu gnutls 3.1.19
gnu gnutls 3.1.10
gnu gnutls *
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.2.0
gnu gnutls 3.2.2
gnu gnutls 3.2.9
gnu gnutls 3.2.7
gnu gnutls 3.1.13
gnu gnutls 3.1.2
gnu gnutls 3.1.0
gnu gnutls 3.1.9
gnu gnutls 3.1.18
gnu gnutls 3.1.16
gnu gnutls 3.1.14
gnu gnutls 3.1.3
gnu gnutls 3.1.6
gnu gnutls 3.1.7
gnu gnutls 3.2.1
gnu gnutls 3.2.3
gnu gnutls 3.1.4
gnu gnutls 3.1.8
gnu gnutls 3.1.17
CVE-2014-2524 LOW

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
mageia mageia 4.0
gnu readline 4.1
gnu readline *
gnu readline 4.0
gnu readline 4.2
opensuse opensuse 13.1
opensuse opensuse 12.3
gnu readline 6.0
mageia mageia 3.0
gnu readline 2.1
gnu readline 5.0
gnu readline 4.3
fedoraproject fedora 20
gnu readline 5.1
gnu readline 2.2
gnu readline 5.2
gnu readline 6.2
gnu readline 6.1
CVE-2014-3421 LOW

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu emacs 20.1
gnu emacs 20.3
gnu emacs 20.5
gnu emacs 24.2
gnu emacs 23.1
gnu emacs 20.6
gnu emacs *
gnu emacs 20.4
gnu emacs 23.4
gnu emacs 22.3
gnu emacs 21
gnu emacs 21.1
gnu emacs 21.2
mageia_project mageia 4
gnu emacs 22.2
gnu emacs 22.1
mageia_project mageia 3
gnu emacs 21.2.1
gnu emacs 21.3.1
gnu emacs 24.1
gnu emacs 20.0
gnu emacs 20.7
gnu emacs 21.3
gnu emacs 20.2
gnu emacs 23.2
gnu emacs 21.4
gnu emacs 23.3
CVE-2014-3422 LOW

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu emacs 20.1
gnu emacs 20.3
gnu emacs 20.5
gnu emacs 24.2
gnu emacs 23.1
gnu emacs 20.6
gnu emacs *
gnu emacs 20.4
gnu emacs 23.4
gnu emacs 22.3
gnu emacs 21
gnu emacs 21.1
gnu emacs 21.2
mageia_project mageia 4
gnu emacs 22.2
gnu emacs 22.1
mageia_project mageia 3
gnu emacs 21.2.1
gnu emacs 21.3.1
gnu emacs 24.1
gnu emacs 20.0
gnu emacs 20.7
gnu emacs 21.3
gnu emacs 20.2
gnu emacs 23.2
gnu emacs 21.4
gnu emacs 23.3
CVE-2014-3423 LOW

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu emacs 20.1
gnu emacs 20.3
gnu emacs 20.5
gnu emacs 24.2
gnu emacs 23.1
gnu emacs 20.6
gnu emacs *
gnu emacs 20.4
gnu emacs 23.4
gnu emacs 22.3
gnu emacs 21
gnu emacs 21.1
gnu emacs 21.2
mageia_project mageia 4
gnu emacs 22.2
gnu emacs 22.1
mageia_project mageia 3
gnu emacs 21.2.1
gnu emacs 21.3.1
gnu emacs 24.1
gnu emacs 20.0
gnu emacs 20.7
gnu emacs 21.3
gnu emacs 20.2
gnu emacs 23.2
gnu emacs 21.4
gnu emacs 23.3
CVE-2014-3424 LOW

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu emacs 20.1
gnu emacs 20.3
gnu emacs 20.5
gnu emacs 24.2
gnu emacs 23.1
gnu emacs 20.6
gnu emacs *
gnu emacs 20.4
gnu emacs 23.4
gnu emacs 22.3
gnu emacs 21
gnu emacs 21.1
gnu emacs 21.2
mageia_project mageia 4
gnu emacs 22.2
gnu emacs 22.1
mageia_project mageia 3
gnu emacs 21.2.1
gnu emacs 21.3.1
gnu emacs 24.1
gnu emacs 20.0
gnu emacs 20.7
gnu emacs 21.3
gnu emacs 20.2
gnu emacs 23.2
gnu emacs 21.4
gnu emacs 23.3
CVE-2014-3465 MEDIUM

The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnutls 3.0.11
gnu gnutls 3.2.8.1
gnu gnutls 3.1.1
gnu gnutls 3.0.19
gnu gnutls 3.0.5
gnu gnutls 3.0.25
gnu gnutls 3.0.18
gnu gnutls 3.1.10
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.0.21
gnu gnutls 3.2.0
gnu gnutls 3.0.26
gnu gnutls 3.0.8
gnu gnutls 3.2.2
gnu gnutls 3.2.9
gnu gnutls 3.2.7
gnu gnutls 3.0.9
gnu gnutls 3.1.13
gnu gnutls 3.0.17
gnu gnutls 3.1.9
gnu gnutls 3.1.18
gnu gnutls 3.0.4
gnu gnutls 3.0.28
gnu gnutls 3.0.20
gnu gnutls 3.1.14
gnu gnutls 3.0.7
gnu gnutls 3.0.16
gnu gnutls 3.1.7
gnu gnutls 3.2.3
gnu gnutls 3.0.27
gnu gnutls 3.0.24
gnu gnutls 3.1.15
gnu gnutls 3.2.8
gnu gnutls 3.0.12
gnu gnutls 3.2.6
gnu gnutls 3.1.11
gnu gnutls 3.1.12
gnu gnutls 3.1.5
gnu gnutls 3.1.19
gnu gnutls 3.0.15
gnu gnutls 3.0.22
gnu gnutls 3.0.6
gnu gnutls 3.0.10
gnu gnutls 3.0.2
gnu gnutls 3.1.2
gnu gnutls 3.1.0
gnu gnutls 3.0.23
gnu gnutls 3.1.16
gnu gnutls 3.0.13
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 3.1.3
gnu gnutls 3.1.6
gnu gnutls 3.2.1
gnu gnutls 3.0.3
gnu gnutls 3.1.4
gnu gnutls 3.1.8
gnu gnutls 3.0.14
gnu gnutls 3.1.17
CVE-2014-3466 MEDIUM

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu gnutls 3.1.20
gnu gnutls 3.1.15
gnu gnutls 3.2.8
gnu gnutls 3.2.6
gnu gnutls 3.2.13
gnu gnutls 3.1.11
gnu gnutls 3.2.8.1
gnu gnutls 3.1.12
gnu gnutls 3.1.1
gnu gnutls 3.3.0
gnu gnutls 3.1.5
gnu gnutls 3.1.19
gnu gnutls 3.1.22
gnu gnutls 3.1.10
gnu gnutls *
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.2.0
gnu gnutls 3.2.12
gnu gnutls 3.1.23
gnu gnutls 3.2.2
gnu gnutls 3.2.9
gnu gnutls 3.2.7
gnu gnutls 3.2.14
gnu gnutls 3.1.13
gnu gnutls 3.1.2
gnu gnutls 3.1.21
gnu gnutls 3.1.0
gnu gnutls 3.1.9
gnu gnutls 3.1.18
gnu gnutls 3.3.3
gnu gnutls 3.2.11
gnu gnutls 3.1.16
gnu gnutls 3.1.14
gnu gnutls 3.1.3
gnu gnutls 3.1.6
gnu gnutls 3.1.7
gnu gnutls 3.3.1
gnu gnutls 3.2.1
gnu gnutls 3.2.3
gnu gnutls 3.2.10
gnu gnutls 3.3.2
gnu gnutls 3.2.12.1
gnu gnutls 3.1.4
gnu gnutls 3.1.8
gnu gnutls 3.1.17
CVE-2014-3467 MEDIUM

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_eus 6.5
redhat virtualization 6.0
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_server 6.0
debian debian_linux 7.0
gnu libtasn1 *
redhat enterprise_linux_server_tus 7.7
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_tus 6.5
suse linux_enterprise_high_availability_extension 11
gnu gnutls *
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_server 11
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_workstation 7.0
f5 arx_firmware *
redhat enterprise_linux_desktop 7.0
suse linux_enterprise_desktop 11
redhat enterprise_linux_server 5.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.6
CVE-2014-3468 HIGH

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-131,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_eus 6.5
redhat virtualization 6.0
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_server 6.0
debian debian_linux 7.0
gnu libtasn1 *
redhat enterprise_linux_server_tus 7.7
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_tus 6.5
suse linux_enterprise_high_availability_extension 11
gnu gnutls *
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_server 11
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_workstation 7.0
f5 arx_firmware *
redhat enterprise_linux_desktop 7.0
suse linux_enterprise_desktop 11
redhat enterprise_linux_server 5.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.6
CVE-2014-3469 MEDIUM

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_eus 6.5
redhat virtualization 6.0
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_server 6.0
debian debian_linux 7.0
gnu libtasn1 *
redhat enterprise_linux_server_tus 7.7
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_tus 6.5
suse linux_enterprise_high_availability_extension 11
gnu gnutls *
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_server 11
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 7.0
suse linux_enterprise_desktop 11
redhat enterprise_linux_server 5.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.6
CVE-2014-3564 MEDIUM

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
gnu gpgme *
canonical ubuntu_linux 12.04
debian debian_linux 6.0
CVE-2014-4043 HIGH

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
gnu glibc *
CVE-2014-4877 HIGH

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
gnu wget 1.13.1
gnu wget 1.13.2
gnu wget *
gnu wget 1.13.3
gnu wget 1.12
gnu wget 1.13.4
gnu wget 1.13
gnu wget 1.14
CVE-2014-5044 HIGH

Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu libgfortran *
CVE-2014-5119 HIGH

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
debian debian_linux 7.0
gnu glibc *
CVE-2014-6040 MEDIUM

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc 2.12
gnu glibc 2.17
gnu glibc 2.14
gnu glibc 2.11.3
gnu glibc *
gnu glibc 2.0.2
gnu glibc 2.0
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.1.1.6
gnu glibc 2.16
gnu glibc 2.0.3
gnu glibc 2.11.1
gnu glibc 2.18
gnu glibc 2.12.2
gnu glibc 2.13
gnu glibc 2.14.1
gnu glibc 2.1.1
gnu glibc 2.1.9
gnu glibc 2.12.1
gnu glibc 2.0.1
gnu glibc 2.10.1
gnu glibc 2.1
gnu glibc 2.1.2
gnu glibc 2.0.6
gnu glibc 2.15
gnu glibc 2.11
gnu glibc 2.1.3
gnu glibc 2.0.5
CVE-2014-6271 HIGH

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 12
f5 big-iq_cloud *
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
debian debian_linux 7.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
vmware esx 4.0
vmware esx 4.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
ibm qradar_security_information_and_event_manager 7.2.8
ibm pureapplication_system *
ibm qradar_security_information_and_event_manager 7.2
ibm flex_system_v7000_firmware *
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
f5 traffix_signaling_delivery_controller 3.3.2
f5 big-ip_application_acceleration_manager 11.6.0
redhat enterprise_linux_eus 6.4
ibm smartcloud_provisioning 2.1.0
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-iq_device *
suse linux_enterprise_desktop 11
f5 big-ip_wan_optimization_manager *
f5 big-iq_security *
redhat enterprise_linux 6.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
suse linux_enterprise_server 10
ibm san_volume_controller_firmware *
opensuse opensuse 13.2
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
f5 big-ip_protocol_security_module *
ibm storwize_v5000_firmware *
f5 big-ip_application_security_manager 11.6.0
ibm qradar_security_information_and_event_manager 7.2.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
redhat enterprise_linux_server_from_rhui 7.0
novell zenworks_configuration_management 11.2
redhat enterprise_linux_server_tus 7.3
suse linux_enterprise_server 12
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
ibm stn6800_firmware *
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
canonical ubuntu_linux 12.04
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux 5.0
redhat enterprise_linux_eus 7.3
mageia mageia 3.0
novell zenworks_configuration_management 10.3
ibm qradar_security_information_and_event_manager 7.1.1
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
redhat enterprise_linux_workstation 5.0
ibm storwize_v3500_firmware *
f5 big-ip_analytics 11.6.0
suse linux_enterprise_desktop 12
ibm qradar_security_information_and_event_manager 7.2.2
ibm smartcloud_entry_appliance 3.1.0
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_eus 7.7
f5 big-ip_webaccelerator *
ibm qradar_vulnerability_manager 7.2.8
f5 big-ip_global_traffic_manager *
ibm qradar_vulnerability_manager 7.2.1
oracle linux 4
gnu bash *
suse studio_onsite 1.3
f5 big-ip_advanced_firewall_manager *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
opensuse opensuse 13.1
opensuse opensuse 12.3
ibm qradar_security_information_and_event_manager 7.2.5
redhat enterprise_linux_desktop 6.0
f5 big-ip_link_controller 11.6.0
ibm qradar_security_information_and_event_manager 7.2.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
canonical ubuntu_linux 10.04
f5 big-ip_analytics *
oracle linux 6
qnap qts 4.1.1
f5 traffix_signaling_delivery_controller *
ibm pureapplication_system 2.0.0.0
apple mac_os_x *
vmware vcenter_server_appliance 5.1
redhat enterprise_linux_for_power_big_endian 5.9_ppc
redhat enterprise_linux_for_scientific_computing 6.0
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
novell zenworks_configuration_management 11.1
redhat enterprise_linux_eus 7.5
f5 big-ip_local_traffic_manager 11.6.0
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
redhat enterprise_linux_server_aus 7.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
novell open_enterprise_server 11.0
ibm stn7800_firmware *
redhat enterprise_linux_server 6.0
ibm software_defined_network_for_virtual_environments *
suse linux_enterprise_software_development_kit 11
f5 big-ip_access_policy_manager *
redhat virtualization 3.4
f5 big-ip_policy_enforcement_manager *
f5 big-ip_access_policy_manager 11.6.0
redhat enterprise_linux 4.0
ibm qradar_security_information_and_event_manager 7.2.6
redhat enterprise_linux_server_from_rhui 6.0
redhat enterprise_linux_server_aus 7.6
f5 big-ip_application_acceleration_manager *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
f5 big-ip_local_traffic_manager *
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
f5 arx_firmware *
qnap qts *
ibm starter_kit_for_cloud 2.2.0
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
vmware vcenter_server_appliance 5.5
f5 big-ip_edge_gateway *
redhat enterprise_linux_desktop 7.0
ibm qradar_vulnerability_manager 7.2.4
redhat enterprise_linux 7.0
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_advanced_firewall_manager 11.6.0
f5 traffix_signaling_delivery_controller 3.4.1
f5 big-ip_link_controller *
ibm qradar_security_information_and_event_manager 7.1.2
redhat enterprise_linux_for_scientific_computing 7.0
ibm qradar_security_information_and_event_manager 7.2.3
ibm qradar_security_information_and_event_manager 7.1.0
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
ibm qradar_security_information_and_event_manager 7.2.7
ibm storwize_v3700_firmware *
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
redhat enterprise_linux_eus 5.9
f5 big-ip_global_traffic_manager 11.6.0
mageia mageia 4.0
redhat enterprise_linux_server_from_rhui 5.0
arista eos *
canonical ubuntu_linux 14.04
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_eus 6.5
f5 traffix_signaling_delivery_controller 4.1.0
f5 big-ip_application_security_manager *
redhat enterprise_linux_server_tus 7.7
oracle linux 5
ibm qradar_security_information_and_event_manager 7.2.8.15
redhat enterprise_linux_server_aus 7.3
ibm qradar_vulnerability_manager 7.2.6
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
ibm qradar_security_information_and_event_manager 7.2.1
ibm infosphere_guardium_database_activity_monitoring 9.0
ibm qradar_vulnerability_manager 7.2.0
ibm qradar_risk_manager 7.1.0
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_tus 6.5
citrix netscaler_sdx_firmware *
f5 traffix_signaling_delivery_controller 3.5.1
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
suse linux_enterprise_server 11
novell zenworks_configuration_management 11
f5 enterprise_manager *
ibm storwize_v7000_firmware *
ibm qradar_vulnerability_manager 7.2.2
ibm smartcloud_entry_appliance 3.2.0
novell zenworks_configuration_management 11.3.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
redhat enterprise_linux_workstation 7.0
ibm smartcloud_entry_appliance 2.3.0
redhat enterprise_linux_server_aus 5.6
vmware vcenter_server_appliance 5.0
ibm workload_deployer *
ibm qradar_vulnerability_manager 7.2.3
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
redhat enterprise_linux_server 5.0
redhat enterprise_linux_server_aus 6.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
checkpoint security_gateway *
redhat gluster_storage_server_for_on-premise 2.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
ibm stn6500_firmware *
redhat enterprise_linux_for_power_big_endian 5.0_ppc
novell open_enterprise_server 2.0
ibm qradar_security_information_and_event_manager 7.2.9
redhat enterprise_linux_eus 7.6
ibm smartcloud_entry_appliance 2.4.0
ibm infosphere_guardium_database_activity_monitoring 8.2
CVE-2014-6277 HIGH

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
gnu bash 2.02.1
gnu bash 2.03
gnu bash 2.05
gnu bash 2.01
gnu bash 1.14.1
gnu bash 1.14.4
gnu bash 4.3
gnu bash 3.2
gnu bash 4.2
gnu bash 2.01.1
gnu bash 1.14.6
gnu bash 2.04
gnu bash 1.14.5
gnu bash 2.02
gnu bash 3.0.16
gnu bash 1.14.3
gnu bash 3.1
gnu bash 1.14.2
gnu bash 1.14.7
gnu bash 1.14.0
gnu bash 3.0
gnu bash 4.1
gnu bash 2.0
gnu bash 4.0
gnu bash 3.2.48
CVE-2014-6278 HIGH

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
gnu bash 2.02.1
gnu bash 2.03
gnu bash 2.05
gnu bash 2.01
gnu bash 1.14.1
gnu bash 1.14.4
gnu bash 4.3
gnu bash 3.2
gnu bash 4.2
gnu bash 2.01.1
gnu bash 1.14.6
gnu bash 2.04
gnu bash 1.14.5
gnu bash 2.02
gnu bash 3.0.16
gnu bash 1.14.3
gnu bash 3.1
gnu bash 1.14.2
gnu bash 1.14.7
gnu bash 1.14.0
gnu bash 3.0
gnu bash 4.1
gnu bash 2.0
gnu bash 4.0
gnu bash 3.2.48
CVE-2014-7169 HIGH

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 12
f5 big-iq_cloud *
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
debian debian_linux 7.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
vmware esx 4.0
vmware esx 4.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
ibm qradar_security_information_and_event_manager 7.2.8
ibm pureapplication_system *
ibm qradar_security_information_and_event_manager 7.2
ibm flex_system_v7000_firmware *
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
f5 traffix_signaling_delivery_controller 3.3.2
f5 big-ip_application_acceleration_manager 11.6.0
redhat enterprise_linux_eus 6.4
ibm smartcloud_provisioning 2.1.0
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-iq_device *
suse linux_enterprise_desktop 11
f5 big-ip_wan_optimization_manager *
f5 big-iq_security *
redhat enterprise_linux 6.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
suse linux_enterprise_server 10
ibm san_volume_controller_firmware *
opensuse opensuse 13.2
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
f5 big-ip_protocol_security_module *
ibm storwize_v5000_firmware *
f5 big-ip_application_security_manager 11.6.0
ibm qradar_security_information_and_event_manager 7.2.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
redhat enterprise_linux_server_from_rhui 7.0
novell zenworks_configuration_management 11.2
redhat enterprise_linux_server_tus 7.3
suse linux_enterprise_server 12
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
ibm stn6800_firmware *
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
canonical ubuntu_linux 12.04
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux 5.0
redhat enterprise_linux_eus 7.3
mageia mageia 3.0
novell zenworks_configuration_management 10.3
ibm qradar_security_information_and_event_manager 7.1.1
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
redhat enterprise_linux_workstation 5.0
ibm storwize_v3500_firmware *
f5 big-ip_analytics 11.6.0
suse linux_enterprise_desktop 12
ibm qradar_security_information_and_event_manager 7.2.2
ibm smartcloud_entry_appliance 3.1.0
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_eus 7.7
f5 big-ip_webaccelerator *
ibm qradar_vulnerability_manager 7.2.8
f5 big-ip_global_traffic_manager *
ibm qradar_vulnerability_manager 7.2.1
oracle linux 4
gnu bash *
suse studio_onsite 1.3
f5 big-ip_advanced_firewall_manager *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
opensuse opensuse 13.1
opensuse opensuse 12.3
ibm qradar_security_information_and_event_manager 7.2.5
redhat enterprise_linux_desktop 6.0
f5 big-ip_link_controller 11.6.0
ibm qradar_security_information_and_event_manager 7.2.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
canonical ubuntu_linux 10.04
f5 big-ip_analytics *
oracle linux 6
qnap qts 4.1.1
f5 traffix_signaling_delivery_controller *
ibm pureapplication_system 2.0.0.0
apple mac_os_x *
vmware vcenter_server_appliance 5.1
redhat enterprise_linux_for_power_big_endian 5.9_ppc
redhat enterprise_linux_for_scientific_computing 6.0
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
novell zenworks_configuration_management 11.1
redhat enterprise_linux_eus 7.5
f5 big-ip_local_traffic_manager 11.6.0
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
redhat enterprise_linux_server_aus 7.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
novell open_enterprise_server 11.0
ibm stn7800_firmware *
redhat enterprise_linux_server 6.0
ibm software_defined_network_for_virtual_environments *
suse linux_enterprise_software_development_kit 11
f5 big-ip_access_policy_manager *
redhat virtualization 3.4
f5 big-ip_policy_enforcement_manager *
f5 big-ip_access_policy_manager 11.6.0
redhat enterprise_linux 4.0
ibm qradar_security_information_and_event_manager 7.2.6
redhat enterprise_linux_server_from_rhui 6.0
redhat enterprise_linux_server_aus 7.6
f5 big-ip_application_acceleration_manager *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
f5 big-ip_local_traffic_manager *
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
f5 arx_firmware *
qnap qts *
ibm starter_kit_for_cloud 2.2.0
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
vmware vcenter_server_appliance 5.5
f5 big-ip_edge_gateway *
redhat enterprise_linux_desktop 7.0
ibm qradar_vulnerability_manager 7.2.4
redhat enterprise_linux 7.0
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_advanced_firewall_manager 11.6.0
f5 traffix_signaling_delivery_controller 3.4.1
f5 big-ip_link_controller *
ibm qradar_security_information_and_event_manager 7.1.2
redhat enterprise_linux_for_scientific_computing 7.0
ibm qradar_security_information_and_event_manager 7.2.3
ibm qradar_security_information_and_event_manager 7.1.0
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
ibm qradar_security_information_and_event_manager 7.2.7
ibm storwize_v3700_firmware *
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
redhat enterprise_linux_eus 5.9
f5 big-ip_global_traffic_manager 11.6.0
mageia mageia 4.0
redhat enterprise_linux_server_from_rhui 5.0
arista eos *
canonical ubuntu_linux 14.04
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_eus 6.5
f5 traffix_signaling_delivery_controller 4.1.0
f5 big-ip_application_security_manager *
redhat enterprise_linux_server_tus 7.7
oracle linux 5
ibm qradar_security_information_and_event_manager 7.2.8.15
redhat enterprise_linux_server_aus 7.3
ibm qradar_vulnerability_manager 7.2.6
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
ibm qradar_security_information_and_event_manager 7.2.1
ibm infosphere_guardium_database_activity_monitoring 9.0
ibm qradar_vulnerability_manager 7.2.0
ibm qradar_risk_manager 7.1.0
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_tus 6.5
citrix netscaler_sdx_firmware *
f5 traffix_signaling_delivery_controller 3.5.1
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
suse linux_enterprise_server 11
novell zenworks_configuration_management 11
f5 enterprise_manager *
ibm storwize_v7000_firmware *
ibm qradar_vulnerability_manager 7.2.2
ibm smartcloud_entry_appliance 3.2.0
novell zenworks_configuration_management 11.3.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
redhat enterprise_linux_workstation 7.0
ibm smartcloud_entry_appliance 2.3.0
redhat enterprise_linux_server_aus 5.6
vmware vcenter_server_appliance 5.0
ibm workload_deployer *
ibm qradar_vulnerability_manager 7.2.3
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
redhat enterprise_linux_server 5.0
redhat enterprise_linux_server_aus 6.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
checkpoint security_gateway *
redhat gluster_storage_server_for_on-premise 2.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
ibm stn6500_firmware *
redhat enterprise_linux_for_power_big_endian 5.0_ppc
novell open_enterprise_server 2.0
ibm qradar_security_information_and_event_manager 7.2.9
redhat enterprise_linux_eus 7.6
ibm smartcloud_entry_appliance 2.4.0
ibm infosphere_guardium_database_activity_monitoring 8.2
CVE-2014-7186 HIGH

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu bash 2.02.1
gnu bash 2.03
gnu bash 2.05
gnu bash 2.01
gnu bash 1.14.1
gnu bash 1.14.4
gnu bash 4.3
gnu bash 3.2
gnu bash 4.2
gnu bash 2.01.1
gnu bash 1.14.6
gnu bash 2.04
gnu bash 1.14.5
gnu bash 2.02
gnu bash 3.0.16
gnu bash 1.14.3
gnu bash 3.1
gnu bash 1.14.2
gnu bash 1.14.7
gnu bash 1.14.0
gnu bash 3.0
gnu bash 4.1
gnu bash 2.0
gnu bash 4.0
gnu bash 3.2.48
CVE-2014-7187 HIGH

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu bash 2.02.1
gnu bash 2.03
gnu bash 2.05
gnu bash 2.01
gnu bash 1.14.1
gnu bash 1.14.4
gnu bash 4.3
gnu bash 3.2
gnu bash 4.2
gnu bash 2.01.1
gnu bash 1.14.6
gnu bash 2.04
gnu bash 1.14.5
gnu bash 2.02
gnu bash 3.0.16
gnu bash 1.14.3
gnu bash 3.1
gnu bash 1.14.2
gnu bash 1.14.7
gnu bash 1.14.0
gnu bash 3.0
gnu bash 4.1
gnu bash 2.0
gnu bash 4.0
gnu bash 3.2.48
CVE-2014-7817 MEDIUM

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
gnu glibc 2.21
debian debian_linux 7.0
opensuse opensuse 13.1
CVE-2014-8121 MEDIUM

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
suse suse_linux_enterprise_desktop 11
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
suse suse_linux_enterprise_server 11.0
gnu glibc *
CVE-2014-8155 MEDIUM

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
gnu gnutls *
CVE-2014-8484 MEDIUM

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 19
gnu binutils *
CVE-2014-8485 HIGH

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 19
gnu binutils *
CVE-2014-8501 HIGH

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 19
gnu binutils *
CVE-2014-8502 HIGH

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 19
gnu binutils *
CVE-2014-8503 HIGH

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 19
gnu binutils *
CVE-2014-8504 HIGH

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 19
gnu binutils *
CVE-2014-8564 MEDIUM

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gnu gnutls 3.2.13
gnu gnutls 3.2.8.1
gnu gnutls 3.1.1
gnu gnutls 3.0.5
gnu gnutls 3.0.18
gnu gnutls 3.1.22
gnu gnutls 3.1.10
gnu gnutls 3.2.4
gnu gnutls 3.0.21
gnu gnutls 3.2.0
gnu gnutls 3.2.9
redhat enterprise_linux_hpc_node 7.0
gnu gnutls 3.2.14
gnu gnutls 3.1.13
gnu gnutls 3.0.17
gnu gnutls 3.1.9
gnu gnutls 3.1.18
gnu gnutls 3.0.4
gnu gnutls 3.1.26
gnu gnutls 3.3.7
gnu gnutls 3.1.14
gnu gnutls 3.0.7
gnu gnutls 3.1.24
gnu gnutls 3.0
opensuse opensuse 13.2
gnu gnutls 3.1.7
gnu gnutls 3.3.1
gnu gnutls 3.1.25
gnu gnutls 3.3.6
gnu gnutls 3.0.24
gnu gnutls 3.1.15
gnu gnutls 3.2.6
gnu gnutls 3.1.11
gnu gnutls 3.1.5
gnu gnutls 3.2.19
gnu gnutls 3.0.22
gnu gnutls 3.0.10
gnu gnutls 3.2.12
gnu gnutls 3.0.2
gnu gnutls 3.1.2
gnu gnutls 3.1.21
gnu gnutls 3.1.0
gnu gnutls 3.3.3
gnu gnutls 3.2.11
gnu gnutls 3.0.23
gnu gnutls 3.1.27
opensuse opensuse 13.1
gnu gnutls 3.1.16
opensuse opensuse 12.3
gnu gnutls 3.0.13
gnu gnutls 3.0.1
gnu gnutls 3.1.3
gnu gnutls 3.1.6
gnu gnutls 3.3.4
gnu gnutls 3.3.2
gnu gnutls 3.1.4
gnu gnutls 3.0.14
gnu gnutls 3.1.17
gnu gnutls 3.0.11
gnu gnutls 3.0.19
gnu gnutls 3.0.25
gnu gnutls 3.2.5
redhat enterprise_linux_server 7.0
gnu gnutls 3.0.26
gnu gnutls 3.0.8
gnu gnutls 3.1.23
gnu gnutls 3.2.2
gnu gnutls 3.2.7
gnu gnutls 3.0.9
gnu gnutls 3.2.15
redhat enterprise_linux_desktop 7.0
gnu gnutls 3.0.28
gnu gnutls 3.0.20
gnu gnutls 3.3.8
gnu gnutls 3.0.16
gnu gnutls 3.2.16
gnu gnutls 3.2.3
gnu gnutls 3.0.27
gnu gnutls 3.1.20
gnu gnutls 3.3.5
gnu gnutls 3.2.8
gnu gnutls 3.0.12
gnu gnutls 3.1.12
gnu gnutls 3.3.0
gnu gnutls 3.1.19
gnu gnutls 3.0.15
gnu gnutls 3.0.6
gnu gnutls 3.2.17
gnu gnutls 3.2.18
redhat enterprise_linux_workstation 7.0
gnu gnutls 3.3.9
canonical ubuntu_linux 14.10
gnu gnutls 3.0.0
gnu gnutls 3.2.1
gnu gnutls 3.2.10
gnu gnutls 3.0.3
gnu gnutls 3.2.12.1
gnu gnutls 3.1.8
CVE-2014-8737 LOW

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 19
gnu binutils *
CVE-2014-8738 MEDIUM

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
debian debian_linux 7.0
fedoraproject fedora 20
fedoraproject fedora 21
gnu binutils *
CVE-2014-9112 MEDIUM

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu cpio 2.11
debian debian_linux 7.0
CVE-2014-9402 HIGH

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
opensuse opensuse 13.1
gnu glibc *
CVE-2014-9471 HIGH

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
gnu coreutils *
CVE-2014-9483 MEDIUM

Emacs 24.4 allows remote attackers to bypass security restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
gnu emacs 24.4
CVE-2014-9488 HIGH

The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
opensuse opensuse 13.1
gnu less *
CVE-2014-9637 HIGH

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
mageia mageia 4.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
gnu patch *
canonical ubuntu_linux 14.10
fedoraproject fedora 20
fedoraproject fedora 21
CVE-2014-9761 HIGH

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 12
fedoraproject fedora 23
suse linux_enterprise_software_development_kit 11.0
suse linux_enterprise_server 12
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
suse suse_linux_enterprise_server 12
suse linux_enterprise_server 11.0
gnu glibc *
suse linux_enterprise_desktop 11.0
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_debuginfo 11.0
CVE-2014-9939 HIGH

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2014-9984 HIGH

nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2015-0235 HIGH

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
oracle communications_webrtc_session_controller 7.1
oracle exalogic_infrastructure 1.0
oracle communications_eagle_lnp_application_processor 10.0
ibm pureapplication_system 1.0.0.0
redhat virtualization 6.0
debian debian_linux 7.0
oracle linux 5
gnu glibc *
oracle communications_user_data_repository *
oracle communications_session_border_controller 8.0.0
oracle communications_application_session_controller *
oracle communications_policy_management 12.1.1
oracle communications_policy_management 11.5
oracle communications_webrtc_session_controller 7.2
php php *
oracle communications_webrtc_session_controller 7.0
oracle vm_virtualbox *
oracle communications_policy_management 9.7.3
oracle communications_eagle_application_processor 16.0
ibm security_access_manager_for_enterprise_single_sign-on 8.2
oracle communications_lsms 13.1
oracle communications_session_border_controller 7.2.0
oracle communications_policy_management 10.4.1
oracle communications_session_border_controller *
ibm pureapplication_system 1.1.0.0
oracle linux 7
oracle exalogic_infrastructure 2.0
ibm pureapplication_system 2.0.0.0
apple mac_os_x *
debian debian_linux 8.0
oracle communications_policy_management 9.9.1
CVE-2015-0282 MEDIUM

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gnu gnutls *
CVE-2015-0294 MEDIUM

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
gnu gnutls *
redhat enterprise_linux 7.0
debian debian_linux 7.0
redhat enterprise_linux 5.0
CVE-2015-1196 MEDIUM

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu patch 2.7.1
opensuse opensuse 13.2
oracle solaris 11.2
opensuse opensuse 13.1
CVE-2015-1197 LOW

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu cpio 2.11
CVE-2015-1345 LOW

The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu grep 2.20
opensuse opensuse 13.2
gnu grep 2.21
gnu grep 2.19
CVE-2015-1395 HIGH

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
gnu patch *
canonical ubuntu_linux 14.10
fedoraproject fedora 20
fedoraproject fedora 21
CVE-2015-1396 MEDIUM

A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
gnu patch *
debian debian_linux 11.0
debian debian_linux 10.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2015-1472 HIGH

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
gnu glibc *
CVE-2015-1473 MEDIUM

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
gnu glibc *
CVE-2015-1781 MEDIUM

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
suse linux_enterprise_desktop 11
debian debian_linux 7.0
suse linux_enterprise_server 11
suse linux_enterprise_debuginfo 11
gnu glibc *
CVE-2015-1865 LOW

fts.c in coreutils 8.4 allows local users to delete arbitrary files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,CWE-367,

Products Affected

Vendor Product Version
gnu coreutils 8.4
CVE-2015-20109

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.

Products Affected

Vendor Product Version
gnu glibc *
CVE-2015-2059 HIGH

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu libidn *
opensuse opensuse 13.2
fedoraproject fedora 22
fedoraproject fedora 21
opensuse opensuse 13.1
CVE-2015-2775 HIGH

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
redhat enterprise_linux 7.0
debian debian_linux 7.0
gnu mailman *
CVE-2015-2806 HIGH

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
fedoraproject fedora 22
debian debian_linux 7.0
fedoraproject fedora 20
fedoraproject fedora 21
gnu libtasn1 *
CVE-2015-3308 HIGH

Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.04
gnu gnutls *
CVE-2015-3622 MEDIUM

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
fedoraproject fedora 21
gnu libtasn1 *
CVE-2015-4041 MEDIUM

The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu coreutils *
CVE-2015-4042 HIGH

Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu coreutils *
CVE-2015-4155 LOW

GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu parallel *
CVE-2015-4156 LOW

GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
opensuse opensuse 13.1
gnu parallel *
CVE-2015-5180 MEDIUM

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
gnu glibc *
CVE-2015-5276 MEDIUM

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
gnu gcc *
CVE-2015-5277 HIGH

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 15.10
redhat enterprise_linux_server 7.0
gnu glibc *
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_workstation 7.0
CVE-2015-6251 MEDIUM

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu gnutls 3.3.3
gnu gnutls 3.3.5
gnu gnutls 3.3.11
gnu gnutls 3.3.10
gnu gnutls 3.3.0
gnu gnutls 3.3.12
gnu gnutls 3.4.0
gnu gnutls 3.3.13
gnu gnutls 3.3.14
gnu gnutls 3.3.7
gnu gnutls 3.4.1
gnu gnutls 3.3.8
gnu gnutls 3.3.1
gnu gnutls 3.3.4
gnu gnutls 3.3.2
gnu gnutls 3.3.6
debian debian_linux 8.0
gnu gnutls 3.4.2
gnu gnutls 3.4.3
gnu gnutls 3.3.9
gnu gnutls 3.3.15
gnu gnutls 3.3.16
CVE-2015-6806 MEDIUM

The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu gnu_screen *
CVE-2015-7547 MEDIUM

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 12
gnu glibc 2.12
oracle exalogic_infrastructure 1.0
gnu glibc 2.17
hp helion_openstack 2.0.0
gnu glibc 2.11.3
oracle fujitsu_m10_firmware *
f5 big-ip_analytics 12.0.0
sophos unified_threat_management_software 9.355
gnu glibc 2.11.1
gnu glibc 2.18
gnu glibc 2.12.2
gnu glibc 2.21
redhat enterprise_linux_server 7.0
gnu glibc 2.14.1
f5 big-ip_domain_name_system 12.0.0
redhat enterprise_linux_hpc_node 7.0
f5 big-ip_link_controller 12.0.0
gnu glibc 2.12.1
gnu glibc 2.19
gnu glibc 2.10
redhat enterprise_linux_desktop 7.0
gnu glibc 2.15
gnu glibc 2.22
suse linux_enterprise_server 11.0
suse linux_enterprise_desktop 11.0
opensuse opensuse 13.2
oracle exalogic_infrastructure 2.0
hp helion_openstack 2.1.0
suse linux_enterprise_software_development_kit 11.0
suse linux_enterprise_server 12
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
redhat enterprise_linux_server_eus 7.2
f5 big-ip_application_security_manager 12.0.0
suse suse_linux_enterprise_server 12
gnu glibc 2.14
redhat enterprise_linux_hpc_node_eus 7.2
gnu glibc 2.11.2
f5 big-ip_local_traffic_manager 12.0.0
gnu glibc 2.16
f5 big-ip_advanced_firewall_manager 12.0.0
hp helion_openstack 1.1.1
suse linux_enterprise_desktop 12
gnu glibc 2.13
suse linux_enterprise_debuginfo 11.0
redhat enterprise_linux_workstation 7.0
gnu glibc 2.10.1
f5 big-ip_application_acceleration_manager 12.0.0
canonical ubuntu_linux 15.10
hp server_migration_pack 7.5
f5 big-ip_policy_enforcement_manager 12.0.0
gnu glibc 2.11
f5 big-ip_access_policy_manager 12.0.0
sophos unified_threat_management_software 9.319
gnu glibc 2.20
redhat enterprise_linux_server_aus 7.2
gnu glibc 2.9
debian debian_linux 8.0
CVE-2015-8107 MEDIUM

Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
gnu a2ps 4.14
CVE-2015-8313 MEDIUM

GnuTLS incorrectly validates the first byte of padding in CBC modes

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
gnu gnutls *
debian debian_linux 10.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2015-8370 MEDIUM

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,CWE-191,

Products Affected

Vendor Product Version
fedoraproject fedora 23
gnu grub2 1.99
gnu grub2 2.00
gnu grub2 2.02
gnu grub2 1.98
gnu grub2 2.01
CVE-2015-8776 MEDIUM

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 12
fedoraproject fedora 23
suse linux_enterprise_server 12
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
suse linux_enterprise_desktop 11
canonical ubuntu_linux 15.10
suse suse_linux_enterprise_server 12
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_debuginfo 11
gnu glibc *
opensuse opensuse 13.2
suse linux_enterprise_server 11
debian debian_linux 8.0
suse linux_enterprise_desktop 12
CVE-2015-8777 LOW

The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.

CVSS 2.0

Severity: LOW

Problem Type: CWE-254,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2015-8778 HIGH

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 12
fedoraproject fedora 23
suse linux_enterprise_server 12
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
suse linux_enterprise_desktop 11
canonical ubuntu_linux 15.10
suse suse_linux_enterprise_server 12
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_debuginfo 11
gnu glibc *
opensuse opensuse 13.2
suse linux_enterprise_server 11
debian debian_linux 8.0
suse linux_enterprise_desktop 12
CVE-2015-8779 HIGH

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 12
fedoraproject fedora 23
suse linux_enterprise_server 12
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
suse linux_enterprise_desktop 11
canonical ubuntu_linux 15.10
suse suse_linux_enterprise_server 12
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_debuginfo 11
gnu glibc *
opensuse opensuse 13.2
suse linux_enterprise_server 11
debian debian_linux 8.0
suse linux_enterprise_desktop 12
CVE-2015-8948 MEDIUM

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
gnu libidn *
opensuse opensuse 13.2
canonical ubuntu_linux 14.04
opensuse leap 42.1
canonical ubuntu_linux 12.04
CVE-2015-8972 HIGH

Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu chess *
CVE-2015-8982 MEDIUM

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2015-8983 MEDIUM

Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2015-8984 MEDIUM

The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2015-8985 MEDIUM

The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2016-0634 MEDIUM

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
gnu bash 4.3
CVE-2016-10228 MEDIUM

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2016-10324 HIGH

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu osip 4.1.0
CVE-2016-10325 MEDIUM

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu osip 4.1.0
CVE-2016-10326 MEDIUM

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu osip 4.1.0
CVE-2016-10713 MEDIUM

An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu patch *
CVE-2016-10739 MEDIUM

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse leap 15.0
gnu glibc *
CVE-2016-1234 MEDIUM

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 23
opensuse opensuse 13.2
opensuse leap 42.1
gnu glibc *
CVE-2016-2037 MEDIUM

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu cpio 2.11
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2016-2226 MEDIUM

Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-190,

Products Affected

Vendor Product Version
gnu libiberty *
CVE-2016-2781 LOW

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
gnu coreutils *
CVE-2016-3075 MEDIUM

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 23
opensuse opensuse 13.2
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
gnu glibc *
CVE-2016-3706 MEDIUM

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
gnu glibc *
CVE-2016-4008 MEDIUM

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
fedoraproject fedora 23
canonical ubuntu_linux 16.04
fedoraproject fedora 24
opensuse opensuse 13.2
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
fedoraproject fedora 22
canonical ubuntu_linux 15.10
gnu libtasn1 *
CVE-2016-4429 MEDIUM

Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
opensuse opensuse 13.2
canonical ubuntu_linux 14.04
opensuse leap 42.1
canonical ubuntu_linux 12.04
canonical ubuntu_linux 18.04
gnu glibc *
CVE-2016-4456 MEDIUM

The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu gnutls 3.4.12
CVE-2016-4487 MEDIUM

Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu libiberty *
CVE-2016-4488 MEDIUM

Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu libiberty *
CVE-2016-4489 MEDIUM

Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu libiberty *
CVE-2016-4490 MEDIUM

Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu libiberty *
CVE-2016-4491 MEDIUM

The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu libiberty *
CVE-2016-4492 MEDIUM

Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu libiberty *
CVE-2016-4493 MEDIUM

The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu libiberty *
CVE-2016-4971 MEDIUM

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle solaris 11.3
canonical ubuntu_linux 16.04
gnu wget *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
oracle solaris 10
canonical ubuntu_linux 15.10
paloaltonetworks pan-os *
CVE-2016-4973 MEDIUM

Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu libssp -
CVE-2016-5417 MEDIUM

Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2016-6131 MEDIUM

The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu libiberty -
CVE-2016-6261 MEDIUM

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
gnu libidn *
canonical ubuntu_linux 14.04
opensuse leap 42.1
canonical ubuntu_linux 12.04
CVE-2016-6262 MEDIUM

idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
gnu libidn *
opensuse opensuse 13.2
canonical ubuntu_linux 14.04
opensuse leap 42.1
canonical ubuntu_linux 12.04
CVE-2016-6263 MEDIUM

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu libidn *
CVE-2016-6321 MEDIUM

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
gnu tar 1.15.91
gnu tar 1.16
gnu tar 1.29
gnu tar 1.24
gnu tar 1.16.1
gnu tar 1.22
gnu tar 1.19
gnu tar 1.23
gnu tar 1.21
gnu tar 1.25
gnu tar 1.28
gnu tar 1.15.90
gnu tar 1.14
gnu tar 1.17
gnu tar 1.27.1
gnu tar 1.15.1
gnu tar 1.18
gnu tar 1.26
gnu tar 1.27
gnu tar 1.20
gnu tar 1.15
CVE-2016-6323 MEDIUM

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
fedoraproject fedora 23
fedoraproject fedora 24
opensuse opensuse 13.2
fedoraproject fedora 25
gnu glibc *
CVE-2016-6893 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
gnu mailman 2.1.5
gnu mailman 2.1.10b3
gnu mailman 2.1.19
gnu mailman 2.1.11
gnu mailman 2.1.18
gnu mailman 2.1.2
gnu mailman 2.1.8
gnu mailman 2.1.6
gnu mailman 2.1.10
gnu mailman 2.1.23
gnu mailman 2.1.17
gnu mailman 2.1.22
gnu mailman 2.1.16
gnu mailman 2.1.10b1
gnu mailman 2.1.15
gnu mailman 2.1
gnu mailman 2.1.18-1
gnu mailman 2.1.14
gnu mailman 2.1.4
gnu mailman 2.1.12
gnu mailman 2.1.13
gnu mailman 2.1.10b4
gnu mailman 2.1.9
gnu mailman 2.1.3
gnu mailman 2.1.1
gnu mailman 2.1.14-1
gnu mailman 2.1.21
gnu mailman 2.1.20
CVE-2016-7098 MEDIUM

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
gnu wget *
CVE-2016-7123 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
gnu mailman *
CVE-2016-7444 MEDIUM

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnu gnutls *
gnu gnutls 3.5.1
gnu gnutls 3.5.3
gnu gnutls 3.5.0
gnu gnutls 3.5.2
CVE-2016-7543 HIGH

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fedoraproject fedora 23
fedoraproject fedora 24
gnu bash *
fedoraproject fedora 25
CVE-2016-8605 MEDIUM

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-275,

Products Affected

Vendor Product Version
fedoraproject fedora 23
fedoraproject fedora 24
fedoraproject fedora 25
gnu guile *
CVE-2016-8606 HIGH

The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
fedoraproject fedora 23
fedoraproject fedora 24
fedoraproject fedora 25
gnu guile 2.0.12
CVE-2016-9401 LOW

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.4
gnu bash *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_aus 7.7
gnu bash 4.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.5
CVE-2016-9842 MEDIUM

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,CWE-1335,

Products Affected

Vendor Product Version
oracle jdk 1.7.0
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 16.04
apple tvos *
redhat enterprise_linux_server 6.0
apple iphone_os *
opensuse leap 42.1
oracle jre 1.8.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.04
oracle jre 1.7.0
redhat enterprise_linux_workstation 7.0
opensuse leap 42.2
oracle jdk 1.6.0
redhat enterprise_linux_desktop 7.0
gnu zlib *
redhat enterprise_linux_desktop 6.0
oracle jre 1.6.0
redhat enterprise_linux_eus 7.4
oracle mysql *
opensuse opensuse 13.2
nodejs node.js *
oracle jdk 1.8.0
apple mac_os_x *
debian debian_linux 8.0
oracle database_server 18c
apple watchos *
redhat satellite 5.8
CVE-2017-1000366 HIGH

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.4
mcafee web_gateway *
redhat enterprise_linux_server 6.0
gnu glibc *
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server 6.6
redhat enterprise_linux_server_long_life 5.9
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.6
novell suse_linux_enterprise_desktop 12.0
opensuse leap 42.2
suse linux_enterprise_for_sap 12
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
suse linux_enterprise_server 10
redhat enterprise_linux_server_eus 6.2
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_tus 7.3
suse linux_enterprise_software_development_kit 11.0
suse linux_enterprise_server 12
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_server_eus 7.2
novell suse_linux_enterprise_point_of_sale 11.0
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_server_aus 7.3
openstack cloud_magnum_orchestration 7
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_tus 6.5
suse linux_enterprise_server 11
debian debian_linux 9.0
redhat enterprise_linux_server_eus 6.7
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux 5
redhat enterprise_linux_server_eus 6.5
suse linux_enterprise_server_for_raspberry_pi 12
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_aus 6.4
novell suse_linux_enterprise_server 11.0
suse linux_enterprise_software_development_kit 12.0
redhat enterprise_linux_server_aus 7.2
debian debian_linux 8.0
CVE-2017-1000383 LOW

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
gnu emacs *
CVE-2017-1000408 HIGH

A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-772,

Products Affected

Vendor Product Version
gnu glibc 2.1.1
CVE-2017-1000409 MEDIUM

A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc 2.5
CVE-2017-1000455 LOW

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix.

CVSS 2.0

Severity: LOW

Problem Type: CWE-346,

Products Affected

Vendor Product Version
gnu guixsd *
CVE-2017-10684 HIGH

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-10685 HIGH

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-10790 MEDIUM

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libtasn1 *
CVE-2017-10791 MEDIUM

There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu pspp 0.10.5-pre2
CVE-2017-10792 MEDIUM

There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu pspp 0.10.5-pre2
CVE-2017-11112 MEDIUM

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-11113 MEDIUM

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-11671 LOW

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.

CVSS 2.0

Severity: LOW

Problem Type: CWE-338,

Products Affected

Vendor Product Version
gnu gcc 5.4
gnu gcc 4.9
gnu gcc 5.1
gnu gcc 6.1
gnu gcc 4.7
gnu gcc 6.3
gnu gcc 4.8
gnu gcc 6.2
gnu gcc 5.0
gnu gcc 5.2
gnu gcc 6.0
gnu gcc 5.3
gnu gcc 4.6
CVE-2017-12132 MEDIUM

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2017-12133 MEDIUM

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2017-12448 MEDIUM

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12449 MEDIUM

The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12450 MEDIUM

The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12451 MEDIUM

The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12452 MEDIUM

The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12453 MEDIUM

The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12454 MEDIUM

The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12455 MEDIUM

The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12456 MEDIUM

The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12457 MEDIUM

The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12458 MEDIUM

The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12459 MEDIUM

The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2017-12799 MEDIUM

The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-12836 MEDIUM

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
gnu cvs 1.12.3
canonical ubuntu_linux 14.04
gnu cvs 1.12.10
gnu cvs 1.12.7
gnu cvs 1.12.11
gnu cvs 1.12.9
gnu cvs 1.12.12
gnu cvs 1.12.1
gnu cvs 1.12.6
gnu cvs 1.12.5
debian debian_linux 8.0
gnu cvs 1.12.13
debian debian_linux 9.0
canonical ubuntu_linux 17.04
CVE-2017-12958 MEDIUM

There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu pspp 0.11.0
CVE-2017-12959 MEDIUM

There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
gnu pspp 0.11.0
CVE-2017-12960 MEDIUM

There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
gnu pspp 0.11.0
CVE-2017-12961 MEDIUM

There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu pspp 0.11.0
CVE-2017-12967 MEDIUM

The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-13089 HIGH

The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
gnu wget *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-13090 HIGH

The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-119,

Products Affected

Vendor Product Version
gnu wget *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-13710 MEDIUM

The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-13716 HIGH

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-770,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-13728 MEDIUM

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-13729 MEDIUM

There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-13730 MEDIUM

There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-13731 MEDIUM

There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-13732 MEDIUM

There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-13733 MEDIUM

There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-13734 MEDIUM

There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-13757 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14061 HIGH

Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu libidn2 *
CVE-2017-14062 HIGH

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu libidn2 *
debian debian_linux 10.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-14128 MEDIUM

The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14129 MEDIUM

The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14130 MEDIUM

The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14333 MEDIUM

The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14482 MEDIUM

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnu emacs *
debian debian_linux 8.0
CVE-2017-14529 MEDIUM

The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14729 MEDIUM

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14745 MEDIUM

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14930 HIGH

Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-772,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14932 MEDIUM

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14933 MEDIUM

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14934 MEDIUM

process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-131,CWE-835,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14938 MEDIUM

_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14939 MEDIUM

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14940 MEDIUM

scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-14974 MEDIUM

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-15020 MEDIUM

dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-15021 MEDIUM

bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-15022 MEDIUM

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-15023 MEDIUM

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-15024 MEDIUM

find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-15025 MEDIUM

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-15225 MEDIUM

_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-15266 MEDIUM

In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
gnu libextractor 1.4
CVE-2017-15267 MEDIUM

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libextractor 1.4
CVE-2017-15600 MEDIUM

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libextractor 1.4
CVE-2017-15601 MEDIUM

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu libextractor 1.4
CVE-2017-15602 MEDIUM

In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnu libextractor 1.4
CVE-2017-15670 HIGH

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2017-15671 MEDIUM

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2017-15804 HIGH

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2017-15922 MEDIUM

In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu libextractor 1.4
CVE-2017-15938 MEDIUM

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-15939 MEDIUM

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-15996 MEDIUM

elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.29
CVE-2017-16826 MEDIUM

The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-16827 MEDIUM

The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-16828 MEDIUM

The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-16829 MEDIUM

The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-16830 MEDIUM

The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-16831 MEDIUM

coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-16832 MEDIUM

The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-16879 MEDIUM

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu ncurses 6.0
CVE-2017-16997 HIGH

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
gnu glibc 2.20
gnu glibc 2.23
redhat enterprise_linux_desktop 7.0
gnu glibc 2.21
redhat enterprise_linux_server 7.0
gnu glibc 2.25
gnu glibc 2.26
gnu glibc 2.22
redhat enterprise_linux_workstation 7.0
gnu glibc 2.19
CVE-2017-17080 MEDIUM

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-17121 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-17122 MEDIUM

The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-17123 MEDIUM

The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-17124 MEDIUM

The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-17125 MEDIUM

nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-17126 MEDIUM

The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2017-17426 MEDIUM

The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu glibc 2.26
CVE-2017-17440 MEDIUM

GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libextractor 1.6
CVE-2017-17531 MEDIUM

gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
gnu global 4.8.6
CVE-2017-18018 LOW

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,CWE-362,

Products Affected

Vendor Product Version
gnu coreutils *
CVE-2017-18198 MEDIUM

print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu libcdio *
CVE-2017-18199 MEDIUM

realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libcdio *
CVE-2017-18201 HIGH

An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
gnu libcdio *
CVE-2017-18269 HIGH

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2017-5334 HIGH

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
gnu gnutls 3.5.4
opensuse leap 42.2
gnu gnutls 3.5.5
gnu gnutls 3.5.7
opensuse leap 42.1
gnu gnutls *
gnu gnutls 3.5.1
gnu gnutls 3.5.6
gnu gnutls 3.5.3
gnu gnutls 3.5.0
gnu gnutls 3.5.2
CVE-2017-5335 MEDIUM

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu gnutls 3.5.4
opensuse leap 42.2
gnu gnutls 3.5.5
gnu gnutls 3.5.7
opensuse leap 42.1
gnu gnutls *
gnu gnutls 3.5.1
gnu gnutls 3.5.6
gnu gnutls 3.5.3
gnu gnutls 3.5.0
gnu gnutls 3.5.2
CVE-2017-5336 HIGH

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu gnutls 3.5.4
opensuse leap 42.2
gnu gnutls 3.5.5
gnu gnutls 3.5.7
opensuse leap 42.1
gnu gnutls *
gnu gnutls 3.5.1
gnu gnutls 3.5.6
gnu gnutls 3.5.3
gnu gnutls 3.5.0
gnu gnutls 3.5.2
CVE-2017-5337 HIGH

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu gnutls 3.5.4
opensuse leap 42.2
gnu gnutls 3.5.5
gnu gnutls 3.5.7
opensuse leap 42.1
gnu gnutls *
gnu gnutls 3.5.1
gnu gnutls 3.5.6
gnu gnutls 3.5.3
gnu gnutls 3.5.0
gnu gnutls 3.5.2
CVE-2017-5357 MEDIUM

regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 25
gnu ed *
CVE-2017-5618 HIGH

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
gnu screen *
CVE-2017-5932 MEDIUM

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu bash 4.4
CVE-2017-6508 MEDIUM

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-93,

Products Affected

Vendor Product Version
gnu wget *
CVE-2017-6891 MEDIUM

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
apache bookkeeper 4.12.1
gnu libtasn1 4.10
CVE-2017-6965 MEDIUM

readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-6966 MEDIUM

readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-6969 MEDIUM

readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7209 MEDIUM

The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7210 MEDIUM

objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7223 MEDIUM

GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7224 MEDIUM

The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7225 MEDIUM

The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7226 MEDIUM

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7227 MEDIUM

GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7299 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7300 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7301 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7302 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7303 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7304 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7507 MEDIUM

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu gnutls *
CVE-2017-7614 HIGH

elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-7853 MEDIUM

In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu osip 5.0.0
CVE-2017-7869 MEDIUM

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu gnutls *
CVE-2017-8392 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-8393 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-8394 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-8395 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-8396 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-8397 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-8398 MEDIUM

dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-8421 HIGH

The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-772,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-8804 HIGH

The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
gnu glibc 2.25
CVE-2017-9038 MEDIUM

GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9039 MEDIUM

GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9040 MEDIUM

GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9041 MEDIUM

GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9042 MEDIUM

readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-704,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9043 MEDIUM

readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9044 MEDIUM

The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9103 HIGH

An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 32
opensuse leap 15.1
gnu adns *
fedoraproject fedora 31
CVE-2017-9104 HIGH

An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
fedoraproject fedora 32
opensuse leap 15.1
gnu adns *
fedoraproject fedora 31
CVE-2017-9105 HIGH

An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 32
gnu adns *
fedoraproject fedora 31
CVE-2017-9106 MEDIUM

An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 32
gnu adns *
fedoraproject fedora 31
CVE-2017-9107 MEDIUM

An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 32
gnu adns *
fedoraproject fedora 31
CVE-2017-9108 MEDIUM

An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 32
opensuse leap 15.1
gnu adns *
fedoraproject fedora 31
CVE-2017-9109 HIGH

An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 32
opensuse leap 15.1
gnu adns *
fedoraproject fedora 31
CVE-2017-9742 MEDIUM

The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9743 MEDIUM

The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9744 MEDIUM

The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9745 MEDIUM

The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9746 MEDIUM

The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9747 MEDIUM

The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9748 MEDIUM

The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9749 MEDIUM

The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9750 MEDIUM

opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9751 MEDIUM

opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9752 MEDIUM

bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9753 MEDIUM

The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9754 MEDIUM

The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9755 MEDIUM

opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9756 MEDIUM

The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9778 MEDIUM

GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-770,

Products Affected

Vendor Product Version
gnu gdb *
CVE-2017-9954 MEDIUM

The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2017-9955 MEDIUM

The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.28
CVE-2018-0494 MEDIUM

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
redhat enterprise_linux_desktop 7.0
debian debian_linux 7.0
canonical ubuntu_linux 17.10
gnu wget *
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
canonical ubuntu_linux 18.04
debian debian_linux 9.0
redhat enterprise_linux_workstation 7.0
CVE-2018-0618 LOW

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
gnu mailman *
CVE-2018-1000001 HIGH

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat virtualization_host 4.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
redhat enterprise_linux_desktop 7.0
gnu glibc *
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
CVE-2018-1000097 MEDIUM

Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu sharutils 4.15.2
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2018-1000156 MEDIUM

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 7.2
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server 6.0
debian debian_linux 7.0
gnu patch 2.7.6
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_tus 6.6
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_eus 6.7
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_eus 7.5
CVE-2018-1000654 HIGH

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnu libtasn1 4.12
gnu libtasn1 4.13
CVE-2018-1000876 MEDIUM

binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.04
gnu binutils *
redhat enterprise_linux_workstation 7.0
CVE-2018-10372 MEDIUM

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
gnu binutils 2.30
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-10373 MEDIUM

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
gnu binutils 2.30
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-10534 MEDIUM

The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
gnu binutils 2.30
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-10535 MEDIUM

The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
gnu binutils 2.30
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-10844 MEDIUM

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-385,CWE-327,

Products Affected

Vendor Product Version
fedoraproject fedora 32
canonical ubuntu_linux 16.04
gnu gnutls *
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 19.04
debian debian_linux 8.0
canonical ubuntu_linux 18.04
fedoraproject fedora 31
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 18.10
CVE-2018-10845 MEDIUM

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-385,CWE-327,

Products Affected

Vendor Product Version
fedoraproject fedora 32
canonical ubuntu_linux 16.04
gnu gnutls *
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 19.04
debian debian_linux 8.0
canonical ubuntu_linux 18.04
fedoraproject fedora 31
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 18.10
CVE-2018-10846 LOW

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-385,CWE-327,

Products Affected

Vendor Product Version
fedoraproject fedora 32
canonical ubuntu_linux 16.04
gnu gnutls *
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 19.04
debian debian_linux 8.0
canonical ubuntu_linux 18.04
fedoraproject fedora 31
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 18.10
CVE-2018-11236 HIGH

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
redhat virtualization_host 4.0
oracle enterprise_communications_broker 3.0.0
oracle communications_session_border_controller 8.1.0
redhat enterprise_linux_desktop 7.0
oracle communications_session_border_controller 8.2.0
gnu glibc *
oracle communications_session_border_controller 8.0.0
netapp data_ontap_edge -
redhat enterprise_linux_server 7.0
netapp element_software_management -
oracle enterprise_communications_broker 3.1.0
redhat enterprise_linux_workstation 7.0
CVE-2018-11237 MEDIUM

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat virtualization_host 4.0
oracle enterprise_communications_broker 3.0.0
canonical ubuntu_linux 16.04
oracle communications_session_border_controller 8.1.0
redhat enterprise_linux_desktop 7.0
oracle communications_session_border_controller 8.2.0
gnu glibc *
oracle communications_session_border_controller 8.0.0
canonical ubuntu_linux 19.10
netapp data_ontap_edge -
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.04
netapp element_software_management -
oracle enterprise_communications_broker 3.1.0
redhat enterprise_linux_workstation 7.0
CVE-2018-12641 MEDIUM

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
gnu binutils 2.30
CVE-2018-12697 MEDIUM

A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.30
canonical ubuntu_linux 16.04.4
CVE-2018-12698 MEDIUM

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnu binutils 2.30
canonical ubuntu_linux 16.04.4
CVE-2018-12699 HIGH

finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu binutils 2.30
canonical ubuntu_linux 16.04.4
CVE-2018-12886 MEDIUM

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,

Products Affected

Vendor Product Version
gnu gcc *
CVE-2018-12934 MEDIUM

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
gnu binutils 2.30
CVE-2018-13033 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
gnu binutils 2.30
redhat enterprise_linux_server 7.0
redhat openshift_container_platform 3.11
redhat enterprise_linux_workstation 7.0
CVE-2018-13796 MEDIUM

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu mailman *
CVE-2018-14346 MEDIUM

GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libextractor *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2018-14347 MEDIUM

GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnu libextractor *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2018-14443 MEDIUM

get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2018-14471 MEDIUM

dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2018-14524 MEDIUM

dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2018-16430 MEDIUM

GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu libextractor *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2018-16868 LOW

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

CVSS 2.0

Severity: LOW

Problem Type: CWE-203,CWE-203,

Products Affected

Vendor Product Version
gnu gnutls *
CVE-2018-17358 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.31.1
CVE-2018-17359 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.31.1
CVE-2018-17360 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.31.1
CVE-2018-17794 MEDIUM

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.31
CVE-2018-17942 MEDIUM

The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu gnulib *
CVE-2018-17985 MEDIUM

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
gnu binutils 2.31
CVE-2018-18309 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.31
CVE-2018-18483 MEDIUM

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu binutils 2.31
CVE-2018-18484 MEDIUM

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
gnu binutils 2.31
CVE-2018-18605 MEDIUM

A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.31
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
netapp data_ontap -
CVE-2018-18606 MEDIUM

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.31
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
netapp data_ontap -
CVE-2018-18607 MEDIUM

An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.31
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
netapp data_ontap -
CVE-2018-18700 MEDIUM

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnu binutils 2.31
CVE-2018-18701 MEDIUM

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnu binutils 2.31
CVE-2018-18751 HIGH

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
redhat enterprise_linux 7.0
canonical ubuntu_linux 18.04
gnu gettext 0.19.8
canonical ubuntu_linux 18.10
CVE-2018-19211 MEDIUM

In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu ncurses 6.1
CVE-2018-19217 MEDIUM

In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu ncurses 6.1
CVE-2018-19591 MEDIUM

In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-404,

Products Affected

Vendor Product Version
fedoraproject fedora 29
fedoraproject fedora 28
gnu glibc *
CVE-2018-19931 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netapp vasa_provider *
canonical ubuntu_linux 18.04
gnu binutils *
CVE-2018-19932 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
netapp vasa_provider *
gnu binutils *
CVE-2018-20002 MEDIUM

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
netapp vasa_provider *
gnu binutils 2.31
f5 traffix_signaling_delivery_controller *
f5 traffix_signaling_delivery_controller 4.4.0
CVE-2018-20230 MEDIUM

An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu pspp 1.2.0
CVE-2018-20430 MEDIUM

GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu libextractor *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2018-20431 MEDIUM

GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libextractor *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2018-20482 LOW

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-835,

Products Affected

Vendor Product Version
opensuse leap 15.0
debian debian_linux 8.0
debian debian_linux 9.0
gnu tar *
CVE-2018-20483 LOW

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
gnu wget *
CVE-2018-20623 MEDIUM

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
gnu binutils 2.31.1
CVE-2018-20651 MEDIUM

A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.31.1
CVE-2018-20657 MEDIUM

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
gnu binutils 2.31.1
f5 traffix_signaling_delivery_controller *
f5 traffix_signaling_delivery_controller 4.4.0
CVE-2018-20671 MEDIUM

load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2018-20673 MEDIUM

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
gnu binutils 2.31.1
CVE-2018-20712 MEDIUM

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.31.1
CVE-2018-20796 MEDIUM

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
netapp steelstore_cloud_integrated_storage -
gnu glibc *
netapp cloud_backup *
CVE-2018-20969 HIGH

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
gnu patch *
CVE-2018-5950 MEDIUM

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
debian debian_linux 7.0
redhat enterprise_linux_server_eus 7.4
gnu mailman *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.4
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.5
CVE-2018-6003 MEDIUM

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
fedoraproject fedora 27
fedoraproject fedora 26
gnu libtasn1 *
debian debian_linux 9.0
CVE-2018-6323 MEDIUM

The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu binutils 2.29.1
CVE-2018-6485 HIGH

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
redhat virtualization_host 4.0
oracle enterprise_communications_broker 3.0.0
oracle communications_session_border_controller 8.1.0
redhat enterprise_linux_desktop 7.0
netapp virtual_storage_console *
oracle communications_session_border_controller 8.2.0
gnu glibc *
oracle communications_session_border_controller 8.0.0
netapp virtual_storage_console -
netapp cloud_backup -
netapp vasa_provider *
netapp storage_replication_adapter *
netapp data_ontap_edge -
netapp element_software -
redhat enterprise_linux_server 7.0
netapp element_software_management -
netapp vasa_provider 6.x
oracle enterprise_communications_broker 3.1.0
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_workstation 7.0
CVE-2018-6543 MEDIUM

In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnu binutils 2.30
CVE-2018-6551 HIGH

The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2018-6759 MEDIUM

The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu binutils 2.30
CVE-2018-6872 MEDIUM

The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.30
CVE-2018-6951 MEDIUM

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
gnu patch *
CVE-2018-6952 MEDIUM

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
gnu patch *
CVE-2018-7208 MEDIUM

In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
gnu binutils 2.30
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-7568 MEDIUM

The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
gnu binutils 2.30
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-7569 MEDIUM

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-191,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
gnu binutils 2.30
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-7570 MEDIUM

The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.30
CVE-2018-7642 MEDIUM

The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
gnu binutils 2.30
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-7643 MEDIUM

The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
gnu binutils 2.30
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-8945 MEDIUM

The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
gnu binutils 2.30
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-9138 MEDIUM

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
gnu binutils 2.30
gnu binutils 2.29
CVE-2018-9996 MEDIUM

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
gnu binutils 2.30
CVE-2019-1010022 HIGH

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc -
CVE-2019-1010023 MEDIUM

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnu glibc -
CVE-2019-1010024 MEDIUM

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
gnu glibc -
CVE-2019-1010025 MEDIUM

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
gnu glibc -
CVE-2019-1010180 MEDIUM

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse leap 15.0
gnu gdb *
CVE-2019-1010204 MEDIUM

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-681,

Products Affected

Vendor Product Version
netapp hci_management_node -
gnu binutils_gold *
gnu binutils *
netapp solidfire -
CVE-2019-11637 MEDIUM

An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-476,

Products Affected

Vendor Product Version
gnu recutils 1.8
CVE-2019-11638 MEDIUM

An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-476,

Products Affected

Vendor Product Version
gnu recutils 1.8
CVE-2019-11639 MEDIUM

An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu recutils 1.8
CVE-2019-11640 MEDIUM

An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu recutils 1.8
CVE-2019-12290 MEDIUM

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnu libidn2 *
CVE-2019-12972 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse leap 15.2
gnu binutils 2.32
canonical ubuntu_linux 18.04
CVE-2019-13636 MEDIUM

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnu patch *
CVE-2019-13638 HIGH

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
debian debian_linux 10.0
debian debian_linux 8.0
debian debian_linux 9.0
gnu patch 2.7.6
CVE-2019-14250 MEDIUM

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 16.04
opensuse leap 15.2
gnu binutils 2.32
opensuse leap 15.0
canonical ubuntu_linux 18.04
CVE-2019-14444 MEDIUM

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
netapp hci_management_node -
opensuse leap 15.1
opensuse leap 15.2
gnu binutils 2.32
canonical ubuntu_linux 18.04
netapp solidfire -
CVE-2019-14865 MEDIUM

A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-267,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnu grub2 -
CVE-2019-14866 MEDIUM

In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
gnu cpio *
CVE-2019-15531 MEDIUM

GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 29
gnu libextractor *
debian debian_linux 8.0
debian debian_linux 9.0
fedoraproject fedora 30
fedoraproject fedora 31
CVE-2019-15767 MEDIUM

In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu chess 6.2.5
CVE-2019-15847 MEDIUM

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-331,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu gcc *
opensuse leap 15.0
CVE-2019-16165 MEDIUM

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu cflow *
CVE-2019-16166 MEDIUM

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu cflow *
CVE-2019-16200 MEDIUM

GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-681,

Products Affected

Vendor Product Version
gnu serveez *
CVE-2019-17450 MEDIUM

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse leap 15.2
gnu binutils 2.32
canonical ubuntu_linux 18.04
CVE-2019-17451 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse leap 15.2
gnu binutils 2.32
canonical ubuntu_linux 18.04
CVE-2019-17544 MEDIUM

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
gnu aspell *
CVE-2019-17594 MEDIUM

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse leap 15.0
gnu ncurses *
CVE-2019-17595 MEDIUM

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse leap 15.0
gnu ncurses *
CVE-2019-18192 MEDIUM

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
gnu guix 1.0.1
CVE-2019-18224 HIGH

idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libidn2 *
CVE-2019-18276 HIGH

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-273,CWE-273,

Products Affected

Vendor Product Version
netapp hci_management_node -
netapp oncommand_unified_manager *
gnu bash *
oracle communications_cloud_native_core_policy 1.14.0
gnu bash 5.0
netapp solidfire -
CVE-2019-18397 MEDIUM

A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
gnu fribidi *
debian debian_linux 10.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2019-18862 MEDIUM

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnu mailutils *
CVE-2019-19126 LOW

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-665,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.10
debian debian_linux 10.0
canonical ubuntu_linux 18.04
fedoraproject fedora 30
fedoraproject fedora 31
gnu glibc *
CVE-2019-20009 MEDIUM

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg *
CVE-2019-20010 MEDIUM

An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg 0.9.2
CVE-2019-20011 MEDIUM

An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg 0.9.2
CVE-2019-20012 MEDIUM

An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg 0.9.2
CVE-2019-20013 MEDIUM

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg *
CVE-2019-20014 MEDIUM

An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg *
CVE-2019-20015 MEDIUM

An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg 0.9.2
CVE-2019-20433 MEDIUM

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu aspell *
CVE-2019-20633 MEDIUM

GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
gnu patch *
CVE-2019-20909 MEDIUM

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2019-20910 MEDIUM

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2019-20911 MEDIUM

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2019-20912 MEDIUM

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2019-20913 MEDIUM

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2019-20914 HIGH

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2019-20915 MEDIUM

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2019-25013 HIGH

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 32
fedoraproject fedora 33
netapp ontap_select_deploy_administration_utility -
netapp service_processor -
netapp a250_firmware -
debian debian_linux 10.0
broadcom fabric_operating_system -
gnu glibc *
netapp 500f_firmware -
CVE-2019-25051 MEDIUM

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu aspell 0.60.8
debian debian_linux 10.0
fedoraproject fedora 34
debian debian_linux 9.0
CVE-2019-3697 HIGH

UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
meissner@suse.de 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.5 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu gnump3d *
CVE-2019-3829 MEDIUM

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-415,CWE-416,

Products Affected

Vendor Product Version
gnu gnutls *
fedoraproject fedora -
CVE-2019-3836 MEDIUM

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-456,CWE-824,

Products Affected

Vendor Product Version
gnu gnutls *
opensuse leap 15.0
fedoraproject fedora 28
CVE-2019-5953 HIGH

Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu wget *
CVE-2019-6455 MEDIUM

An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
gnu recutils 1.8
CVE-2019-6456 MEDIUM

An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu recutils 1.8
CVE-2019-6457 MEDIUM

An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
gnu recutils 1.8
CVE-2019-6458 MEDIUM

An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
gnu recutils 1.8
CVE-2019-6459 MEDIUM

An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
gnu recutils 1.8
CVE-2019-6460 MEDIUM

An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu recutils 1.8
CVE-2019-6488 MEDIUM

The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2019-7309 LOW

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2019-9070 MEDIUM

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
gnu binutils 2.32
f5 traffix_signaling_delivery_controller *
canonical ubuntu_linux 18.04
netapp element_software_management *
CVE-2019-9071 MEDIUM

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
netapp hci_management_node -
gnu binutils 2.32
canonical ubuntu_linux 18.04
netapp solidfire -
CVE-2019-9072 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
netapp hci_management_node -
gnu binutils 2.32
netapp solidfire -
CVE-2019-9073 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
netapp hci_management_node -
gnu binutils 2.32
canonical ubuntu_linux 18.04
netapp solidfire -
CVE-2019-9074 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
netapp hci_management_node -
gnu binutils 2.32
canonical ubuntu_linux 18.04
netapp solidfire -
CVE-2019-9075 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_global_traffic_manager 15.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_edge_gateway 15.0.0
f5 big-ip_analytics 15.0.0
netapp hci_management_node -
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_edge_gateway 14.1.0
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_fraud_protection_service 15.0.0
canonical ubuntu_linux 18.04
f5 big-ip_advanced_firewall_manager 15.0.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_link_controller 15.0.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_application_security_manager 15.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_policy_webaccelerator 14.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_domain_name_system 15.0.0
gnu binutils 2.32
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_analytics 14.1.0
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_policy_enforcement_manager 15.0.0
netapp solidfire -
CVE-2019-9076 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
gnu binutils 2.32
netapp element_software_management *
CVE-2019-9077 MEDIUM

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu binutils 2.32
f5 traffix_signaling_delivery_controller *
netapp element_software -
canonical ubuntu_linux 18.04
CVE-2019-9169 HIGH

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.10
netapp ontap_select_deploy_administration_utility -
mcafee web_gateway *
canonical ubuntu_linux 18.04
netapp steelstore_cloud_integrated_storage -
gnu glibc *
netapp cloud_backup *
CVE-2019-9192 MEDIUM

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
gnu glibc *
CVE-2019-9211 MEDIUM

There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
fedoraproject fedora 29
suse backports -
gnu pspp 1.2.0
CVE-2019-9770 MEDIUM

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu libredwg 0.7
gnu libredwg 0.7.1645
opensuse backports_sle 15.0
CVE-2019-9771 MEDIUM

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu libredwg 0.7
gnu libredwg 0.7.1645
opensuse backports_sle 15.0
CVE-2019-9772 MEDIUM

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu libredwg 0.7
gnu libredwg 0.7.1645
opensuse backports_sle 15.0
CVE-2019-9773 MEDIUM

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu libredwg 0.7
gnu libredwg 0.7.1645
opensuse backports_sle 15.0
CVE-2019-9774 MEDIUM

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu libredwg 0.7
gnu libredwg 0.7.1645
opensuse backports_sle 15.0
CVE-2019-9775 MEDIUM

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu libredwg 0.7
gnu libredwg 0.7.1645
opensuse backports_sle 15.0
CVE-2019-9776 MEDIUM

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu libredwg 0.7
gnu libredwg 0.7.1645
opensuse backports_sle 15.0
CVE-2019-9777 MEDIUM

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu libredwg 0.7
gnu libredwg 0.7.1645
opensuse backports_sle 15.0
CVE-2019-9778 MEDIUM

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu libredwg 0.7
gnu libredwg 0.7.1645
opensuse backports_sle 15.0
CVE-2019-9779 MEDIUM

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnu libredwg 0.7
gnu libredwg 0.7.1645
opensuse backports_sle 15.0
CVE-2019-9923 MEDIUM

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
opensuse leap 15.0
gnu tar *
CVE-2019-9924 HIGH

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
netapp hci_management_node -
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
gnu bash 4.4
canonical ubuntu_linux 12.04
opensuse leap 42.3
gnu bash *
debian debian_linux 8.0
netapp solidfire -
CVE-2020-10029 LOW

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 32
opensuse leap 15.1
canonical ubuntu_linux 16.04
netapp h410c_firmware -
debian debian_linux 10.0
netapp active_iq_unified_manager -
fedoraproject fedora 30
fedoraproject fedora 31
gnu glibc *
netapp cloud_backup -
netapp hci_management_node -
canonical ubuntu_linux 19.10
canonical ubuntu_linux 18.04
netapp steelstore_cloud_integrated_storage -
netapp solidfire -
CVE-2020-10713 MEDIUM

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
opensuse leap 15.1
vmware photon_os *
opensuse leap 15.2
debian debian_linux 10.0
gnu grub2 *
CVE-2020-11501 MEDIUM

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
fedoraproject fedora 32
opensuse leap 15.1
canonical ubuntu_linux 19.10
gnu gnutls *
debian debian_linux 10.0
fedoraproject fedora 31
CVE-2020-12108 MEDIUM

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 16.04
opensuse leap 15.2
debian debian_linux 10.0
opensuse backports_sle 15.0
canonical ubuntu_linux 18.04
debian debian_linux 9.0
gnu mailman *
fedoraproject fedora 31
CVE-2020-12137 MEDIUM

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
fedoraproject fedora 32
canonical ubuntu_linux 16.04
opensuse leap 15.2
debian debian_linux 10.0
opensuse backports_sle 15.0
debian debian_linux 8.0
canonical ubuntu_linux 18.04
debian debian_linux 9.0
gnu mailman *
fedoraproject fedora 31
CVE-2020-13777 MEDIUM

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
fedoraproject fedora 32
canonical ubuntu_linux 19.10
gnu gnutls *
debian debian_linux 10.0
canonical ubuntu_linux 20.04
fedoraproject fedora 31
CVE-2020-14150 LOW

GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnu bison *
CVE-2020-14308 MEDIUM

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse leap 15.2
gnu grub2 *
CVE-2020-14309 MEDIUM

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse leap 15.2
gnu grub2 *
CVE-2020-14310 LOW

There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2
secalert@redhat.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.5 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-122,CWE-190,CWE-190,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 8.2
opensuse leap 15.2
redhat enterprise_linux 7.0
canonical ubuntu_linux 20.04
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_eus 8.1
gnu grub2 *
redhat enterprise_linux 8.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_server_aus 8.2
CVE-2020-14311 LOW

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2
secalert@redhat.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.5 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-122,CWE-190,CWE-190,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 8.2
opensuse leap 15.2
redhat enterprise_linux 7.0
canonical ubuntu_linux 20.04
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_eus 8.1
gnu grub2 *
redhat enterprise_linux 8.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_server_aus 8.2
CVE-2020-14372 MEDIUM

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-184,

Products Affected

Vendor Product Version
fedoraproject fedora 33
netapp ontap_select_deploy_administration_utility -
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux 7.0
fedoraproject fedora 34
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 7.7
gnu grub2 *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_tus 7.4
netapp cloud_backup -
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 8.1
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 8.2
CVE-2020-15011 LOW

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-74,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 10.0
debian debian_linux 8.0
canonical ubuntu_linux 18.04
debian debian_linux 9.0
gnu mailman *
CVE-2020-15705 MEDIUM

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
security@ubuntu.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,CWE-347,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 16.04
microsoft windows_10 1803
microsoft windows_10 1809
canonical ubuntu_linux 14.04
opensuse leap 15.2
debian debian_linux 10.0
suse suse_linux_enterprise_server 12
microsoft windows_server_2012 r2
microsoft windows_server_2016 1909
redhat enterprise_linux 8.0
redhat enterprise_linux_atomic_host -
suse suse_linux_enterprise_server 15
suse suse_linux_enterprise_server 11
microsoft windows_10 2004
canonical ubuntu_linux 18.04
microsoft windows_rt_8.1 -
microsoft windows_10 1709
redhat enterprise_linux 7.0
canonical ubuntu_linux 20.04
gnu grub2 *
microsoft windows_server_2012 -
microsoft windows_server_2016 2004
microsoft windows_10 1903
microsoft windows_10 1607
microsoft windows_10 1909
microsoft windows_server_2019 -
microsoft windows_server_2016 -
microsoft windows_10 -
microsoft windows_server_2016 1903
microsoft windows_8.1 -
redhat openshift_container_platform 4.0
CVE-2020-15706 MEDIUM

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-362,CWE-416,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 16.04
microsoft windows_10 1803
microsoft windows_10 1809
canonical ubuntu_linux 14.04
opensuse leap 15.2
debian debian_linux 10.0
suse suse_linux_enterprise_server 12
microsoft windows_server_2012 r2
microsoft windows_server_2016 1909
redhat enterprise_linux 8.0
redhat enterprise_linux_atomic_host -
suse suse_linux_enterprise_server 15
suse suse_linux_enterprise_server 11
microsoft windows_10 2004
canonical ubuntu_linux 18.04
microsoft windows_rt_8.1 -
microsoft windows_10 1709
redhat enterprise_linux 7.0
canonical ubuntu_linux 20.04
gnu grub2 *
microsoft windows_server_2012 -
microsoft windows_server_2016 2004
microsoft windows_10 1903
microsoft windows_10 1607
microsoft windows_10 1909
microsoft windows_server_2019 -
microsoft windows_server_2016 -
microsoft windows_10 -
microsoft windows_server_2016 1903
microsoft windows_8.1 -
redhat openshift_container_platform 4.0
CVE-2020-15707 MEDIUM

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ubuntu.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.5 5.2
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-190,CWE-362,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 16.04
microsoft windows_10 1803
microsoft windows_10 1809
canonical ubuntu_linux 14.04
opensuse leap 15.2
debian debian_linux 10.0
suse suse_linux_enterprise_server 12
microsoft windows_server_2012 r2
microsoft windows_server_2016 1909
redhat enterprise_linux 8.0
redhat enterprise_linux_atomic_host -
suse suse_linux_enterprise_server 15
suse suse_linux_enterprise_server 11
microsoft windows_10 2004
canonical ubuntu_linux 18.04
microsoft windows_rt_8.1 -
netapp active_iq_unified_manager *
microsoft windows_10 1709
redhat enterprise_linux 7.0
canonical ubuntu_linux 20.04
gnu grub2 *
microsoft windows_server_2012 -
microsoft windows_server_2016 2004
microsoft windows_10 1903
microsoft windows_10 1607
microsoft windows_10 1909
microsoft windows_server_2019 -
microsoft windows_server_2016 -
microsoft windows_10 -
microsoft windows_server_2016 1903
microsoft windows_8.1 -
redhat openshift_container_platform 4.0
CVE-2020-15807 MEDIUM

GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2020-16590 MEDIUM

A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
gnu binutils 2.35
CVE-2020-16591 MEDIUM

A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
gnu binutils 2.35
CVE-2020-16592 MEDIUM

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 32
fedoraproject fedora 33
netapp ontap_select_deploy_administration_utility -
gnu binutils 2.34
CVE-2020-16593 MEDIUM

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
netapp ontap_select_deploy_administration_utility -
gnu binutils 2.35
netapp cloud_backup -
CVE-2020-16599 MEDIUM

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
netapp hci_management_node -
netapp ontap_select_deploy_administration_utility -
gnu binutils 2.35
netapp solidfire -
netapp cloud_backup -
CVE-2020-1751 MEDIUM

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.10
redhat enterprise_linux 8.0
canonical ubuntu_linux 18.04
gnu glibc *
CVE-2020-1752 LOW

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.0 5.9
secalert@redhat.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
netapp hci_management_node -
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.10
netapp active_iq_unified_manager *
netapp h410c_firmware -
debian debian_linux 10.0
canonical ubuntu_linux 18.04
netapp steelstore_cloud_integrated_storage -
gnu glibc *
netapp solidfire -
CVE-2020-18395 MEDIUM

A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu gama 2.04
CVE-2020-19185

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
gnu ncurses 6.1
netapp active_iq_unified_manager -
CVE-2020-19186

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
gnu ncurses 6.1
netapp active_iq_unified_manager -
CVE-2020-19187

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
gnu ncurses 6.1
netapp active_iq_unified_manager -
CVE-2020-19188

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
gnu ncurses 6.1
netapp active_iq_unified_manager -
CVE-2020-19189

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
gnu ncurses 6.1
debian debian_linux 10.0
netapp active_iq_unified_manager -
CVE-2020-19190

Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
gnu ncurses 6.1
netapp active_iq_unified_manager -
CVE-2020-19724

A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils *
CVE-2020-19726

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
gnu binutils 2.36
CVE-2020-21490

An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils *
CVE-2020-21813 MEDIUM

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10.2641
CVE-2020-21814 MEDIUM

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10.2641
CVE-2020-21815 MEDIUM

A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libredwg 0.10.2641
CVE-2020-21816 MEDIUM

A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10.2641
CVE-2020-21817 MEDIUM

A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service (application crash).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libredwg 0.10.2641
CVE-2020-21818 MEDIUM

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10.2641
CVE-2020-21819 MEDIUM

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10.2641
CVE-2020-21827 MEDIUM

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21830 MEDIUM

A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21831 MEDIUM

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21832 MEDIUM

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21833 MEDIUM

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21834 MEDIUM

A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21835 MEDIUM

A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21836 MEDIUM

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21838 MEDIUM

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21839 MEDIUM

An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21840 MEDIUM

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21841 MEDIUM

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21842 MEDIUM

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21843 MEDIUM

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-21844 MEDIUM

GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu libredwg 0.10
CVE-2020-23856 LOW

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 34
gnu cflow 1.6
CVE-2020-23861 MEDIUM

A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.10.1
CVE-2020-24240 HIGH

GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu bison 3.7
CVE-2020-24659 MEDIUM

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 32
opensuse leap 15.1
fedoraproject fedora 33
gnu gnutls *
opensuse leap 15.2
canonical ubuntu_linux 20.04
CVE-2020-25632 HIGH

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 33
netapp ontap_select_deploy_administration_utility -
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux 7.0
fedoraproject fedora 34
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 7.7
gnu grub2 *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 8.1
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 8.2
CVE-2020-25647 HIGH

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 33
netapp ontap_select_deploy_administration_utility -
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux 7.0
fedoraproject fedora 34
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 7.7
gnu grub2 *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 8.1
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 8.2
CVE-2020-27618 LOW

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-835,CWE-835,

Products Affected

Vendor Product Version
netapp h500s_firmware -
netapp ontap_select_deploy_administration_utility -
netapp h410c_firmware -
netapp a250_firmware -
debian debian_linux 10.0
netapp h700e_firmware -
gnu glibc *
netapp h300s_firmware -
netapp h410s_firmware -
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
netapp h700s_firmware -
netapp h500e_firmware -
netapp h300e_firmware -
netapp 500f_firmware -
CVE-2020-27749 HIGH

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 33
netapp ontap_select_deploy_administration_utility -
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux 7.0
fedoraproject fedora 34
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 7.7
gnu grub2 *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 8.1
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 8.2
CVE-2020-27779 MEDIUM

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,NVD-CWE-Other,

Products Affected

Vendor Product Version
fedoraproject fedora 33
netapp ontap_select_deploy_administration_utility -
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux 7.0
fedoraproject fedora 34
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 7.7
gnu grub2 *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 8.1
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 8.2
CVE-2020-29562 LOW

The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-617,CWE-617,

Products Affected

Vendor Product Version
fedoraproject fedora 32
netapp e-series_santricity_os_controller *
gnu glibc *
CVE-2020-29573 MEDIUM

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netapp solidfire_baseboard_management_controller -
redhat enterprise_linux 7.0
gnu glibc *
netapp cloud_backup -
CVE-2020-35342

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
gnu binutils *
CVE-2020-35357

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
gnu gnu_scientific_library 2.6
debian debian_linux 10.0
gnu gnu_scientific_library 2.5
CVE-2020-35448 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
gnu binutils 2.35.1
CVE-2020-35493 MEDIUM

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fedoraproject fedora 32
broadcom brocade_fabric_operating_system_firmware -
netapp solidfire_&_hci_management_node -
netapp hci_compute_node_firmware -
netapp ontap_select_deploy_administration_utility -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
gnu binutils *
netapp cloud_backup -
CVE-2020-35494 MEDIUM

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 1.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-908,

Products Affected

Vendor Product Version
fedoraproject fedora 32
broadcom brocade_fabric_operating_system_firmware -
netapp solidfire_&_hci_management_node -
netapp hci_compute_node_firmware -
netapp ontap_select_deploy_administration_utility -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
gnu binutils *
netapp cloud_backup -
CVE-2020-35495 MEDIUM

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 32
broadcom brocade_fabric_operating_system_firmware -
netapp solidfire_&_hci_management_node -
netapp hci_compute_node_firmware -
netapp ontap_select_deploy_administration_utility -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
gnu binutils *
netapp cloud_backup -
CVE-2020-35496 MEDIUM

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 32
broadcom brocade_fabric_operating_system_firmware -
netapp solidfire_&_hci_management_node -
netapp hci_compute_node_firmware -
netapp ontap_select_deploy_administration_utility -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
gnu binutils *
netapp cloud_backup -
CVE-2020-35507 MEDIUM

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
netapp hci_compute_node_firmware -
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
broadcom brocade_fabric_operating_system -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
gnu binutils *
netapp cloud_backup -
CVE-2020-6096 MEDIUM

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-195,CWE-191,CWE-681,

Products Affected

Vendor Product Version
fedoraproject fedora 32
debian debian_linux 10.0
fedoraproject fedora 31
gnu glibc *
CVE-2020-6609 MEDIUM

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg 0.9.3.2564
CVE-2020-6610 MEDIUM

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports sle-15
gnu libredwg 0.9.3.2564
CVE-2020-6611 MEDIUM

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg 0.9.3.2564
CVE-2020-6612 MEDIUM

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg 0.9.3.2564
CVE-2020-6613 MEDIUM

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg 0.9.3.2564
CVE-2020-6614 MEDIUM

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg 0.9.3.2564
CVE-2020-6615 MEDIUM

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnu libredwg 0.9.3.2564
CVE-2020-9366 HIGH

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu screen *
CVE-2021-20193 MEDIUM

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,CWE-125,CWE-401,

Products Affected

Vendor Product Version
gnu tar *
CVE-2021-20197 LOW

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.0 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,CWE-59,CWE-362,

Products Affected

Vendor Product Version
broadcom brocade_fabric_operating_system_firmware -
netapp solidfire_&_hci_management_node -
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
gnu binutils *
netapp cloud_backup -
CVE-2021-20225 HIGH

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 33
netapp ontap_select_deploy_administration_utility -
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux 7.0
fedoraproject fedora 34
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 7.7
gnu grub2 *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 8.1
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 8.2
CVE-2021-20231 HIGH

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
netapp e-series_performance_analyzer -
redhat enterprise_linux 8.0
gnu gnutls *
netapp active_iq_unified_manager -
fedoraproject fedora 34
CVE-2021-20232 HIGH

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
gnu gnutls *
fedoraproject fedora 34
CVE-2021-20233 HIGH

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 33
netapp ontap_select_deploy_administration_utility -
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux 7.0
fedoraproject fedora 34
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 7.7
gnu grub2 *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 8.1
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 8.2
CVE-2021-20284 MEDIUM

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
gnu binutils 2.35.1
netapp cloud_backup -
CVE-2021-20294 MEDIUM

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2021-26937 HIGH

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-88,

Products Affected

Vendor Product Version
fedoraproject fedora 32
fedoraproject fedora 33
debian debian_linux 10.0
debian debian_linux 9.0
gnu screen *
CVE-2021-27645 LOW

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 1.0 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-415,CWE-415,

Products Affected

Vendor Product Version
fedoraproject fedora 33
debian debian_linux 10.0
fedoraproject fedora 34
gnu glibc *
CVE-2021-27851 LOW

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,CWE-59,

Products Affected

Vendor Product Version
gnu guix *
CVE-2021-28236 MEDIUM

LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libredwg 0.12.3
CVE-2021-28237 HIGH

LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.12.3
CVE-2021-28968 LOW

An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
gnu punbb *
CVE-2021-30184 MEDIUM

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
fedoraproject fedora 32
fedoraproject fedora 33
gnu chess 6.2.7
fedoraproject fedora 34
CVE-2021-31879 MEDIUM

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
broadcom brocade_fabric_operating_system_firmware -
gnu wget *
netapp ontap_select_deploy_administration_utility -
netapp a250_firmware -
netapp 500f_firmware -
netapp cloud_backup -
CVE-2021-32256

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

Products Affected

Vendor Product Version
gnu binutils 2.36
CVE-2021-3326 MEDIUM

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,CWE-617,

Products Affected

Vendor Product Version
netapp e-series_santricity_os_controller *
netapp ontap_select_deploy_administration_utility -
oracle communications_cloud_native_core_security_edge_protection_proxy 1.5.0
fujitsu m12-2_firmware *
fujitsu m10-4s_firmware *
debian debian_linux 10.0
fujitsu m12-1_firmware *
fujitsu m10-1_firmware *
gnu glibc *
fujitsu m10-4_firmware *
fujitsu m12-2s_firmware *
CVE-2021-33574 HIGH

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 33
netapp h500s_firmware -
netapp e-series_santricity_os_controller *
debian debian_linux 10.0
netapp h700e_firmware -
fedoraproject fedora 34
gnu glibc 2.33
netapp h300s_firmware -
netapp h410s_firmware -
netapp cloud_backup -
gnu glibc 2.32
netapp h700s_firmware -
netapp solidfire_baseboard_management_controller_firmware -
netapp h500e_firmware -
netapp h300e_firmware -
CVE-2021-3418 MEDIUM

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-281,

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2021-34337

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.

Products Affected

Vendor Product Version
gnu mailman *
CVE-2021-3466 HIGH

A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
fedoraproject fedora 32
fedoraproject fedora 33
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
fedoraproject fedora 34
redhat enterprise_linux 6.0
gnu libmicrohttpd 0.9.70
CVE-2021-3530 MEDIUM

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,CWE-674,

Products Affected

Vendor Product Version
gnu binutils 2.36
netapp ontap_select_deploy_administration_utility -
CVE-2021-3549 MEDIUM

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
gnu binutils 2.36
CVE-2021-35942 MEDIUM

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-704,

Products Affected

Vendor Product Version
netapp hci_management_node -
netapp e-series_santricity_os_controller *
netapp ontap_select_deploy_administration_utility -
debian debian_linux 10.0
netapp active_iq_unified_manager -
gnu glibc *
netapp solidfire -
CVE-2021-36080 MEDIUM

GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2021-3695 MEDIUM

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 1.0 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
redhat codeready_linux_builder -
redhat openshift 3.0
redhat enterprise_linux 8.4
redhat openshift_container_platform 4.10
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat openshift_container_platform 4.9
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux 8.1
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux 9.0
netapp ontap_select_deploy_administration_utility -
redhat enterprise_linux_eus 8.2
redhat developer_tools 1.0
redhat enterprise_linux_for_power_little_endian_eus 9.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.6
gnu grub2 *
redhat openshift_container_platform 4.6
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0
fedoraproject fedora 36
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_for_power_little_endian 8.0
CVE-2021-3696 MEDIUM

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 1.0 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
redhat codeready_linux_builder -
redhat openshift 3.0
redhat enterprise_linux 8.4
redhat openshift_container_platform 4.10
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat openshift_container_platform 4.9
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux 8.1
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux 9.0
netapp ontap_select_deploy_administration_utility -
redhat enterprise_linux_eus 8.2
redhat developer_tools 1.0
redhat enterprise_linux_for_power_little_endian_eus 9.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.6
gnu grub2 *
redhat openshift_container_platform 4.6
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_for_power_little_endian 8.0
CVE-2021-3697 MEDIUM

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
redhat codeready_linux_builder -
redhat openshift 3.0
redhat enterprise_linux 8.4
redhat openshift_container_platform 4.10
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat openshift_container_platform 4.9
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.4
gnu grub *
redhat enterprise_linux 8.1
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux 9.0
redhat enterprise_linux_eus 8.2
redhat developer_tools 1.0
redhat enterprise_linux_for_power_little_endian_eus 9.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.6
gnu grub2 *
redhat openshift_container_platform 4.6
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_for_power_little_endian 8.0
CVE-2021-37322 MEDIUM

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu gcc *
gnu binutils *
CVE-2021-38185 MEDIUM

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
gnu cpio *
CVE-2021-3826

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
gnu gcc 11.2
fedoraproject fedora 35
fedoraproject fedora 37
fedoraproject fedora 36
CVE-2021-38604 MEDIUM

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
oracle enterprise_operations_monitor 4.3
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
oracle enterprise_operations_monitor 5.0
oracle communications_cloud_native_core_network_repository_function 22.2.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
oracle communications_cloud_native_core_network_repository_function 22.1.2
fedoraproject fedora 35
oracle enterprise_operations_monitor 4.4
gnu glibc *
oracle communications_cloud_native_core_unified_data_repository 22.2.0
oracle communications_cloud_native_core_binding_support_function 22.1.3
CVE-2021-39521 MEDIUM

An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2021-39522 MEDIUM

An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2021-39523 MEDIUM

An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2021-39525 MEDIUM

An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2021-39527 MEDIUM

An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2021-39528 MEDIUM

An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2021-39530 MEDIUM

An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2021-39537 MEDIUM

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apple macos 11.7
apple mac_os_x 10.12.6
gnu ncurses *
apple macos 13.0
CVE-2021-3981 LOW

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
fedoraproject fedora 34
gnu grub2 *
CVE-2021-3998

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
netapp h500s_firmware -
netapp h700s_firmware -
netapp ontap_select_deploy_administration_utility -
netapp h410c_firmware -
gnu glibc *
netapp h300s_firmware -
netapp h410s_firmware -
CVE-2021-3999

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
netapp e-series_performance_analyzer -
netapp h500s_firmware -
netapp h700s_firmware -
netapp ontap_select_deploy_administration_utility -
netapp h410c_firmware -
debian debian_linux 11.0
debian debian_linux 10.0
gnu glibc *
netapp h300s_firmware -
netapp nfs_plug-in *
netapp h410s_firmware -
CVE-2021-40491 MEDIUM

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
gnu inetutils *
debian debian_linux 10.0
CVE-2021-4209

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
redhat enterprise_linux 8.0
gnu gnutls *
netapp active_iq_unified_manager -
netapp hci_bootstrap_os -
CVE-2021-42096 MEDIUM

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
debian debian_linux 10.0
gnu mailman *
CVE-2021-42097 HIGH

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
debian debian_linux 10.0
gnu mailman *
CVE-2021-42585 MEDIUM

A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2021-42586 MEDIUM

A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2021-43331 MEDIUM

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
debian debian_linux 9.0
gnu mailman *
CVE-2021-43332 MEDIUM

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
debian debian_linux 9.0
gnu mailman *
CVE-2021-43396 MEDIUM

In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle enterprise_operations_monitor 4.3
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
oracle enterprise_operations_monitor 5.0
oracle communications_cloud_native_core_network_repository_function 22.2.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
oracle communications_cloud_native_core_network_repository_function 22.1.2
gnu glibc 2.34
oracle enterprise_operations_monitor 4.4
oracle communications_cloud_native_core_unified_data_repository 22.2.0
oracle communications_cloud_native_core_binding_support_function 22.1.3
CVE-2021-43411 HIGH

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
gnu hurd *
CVE-2021-43412 HIGH

An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu hurd *
CVE-2021-43413 HIGH

An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnu hurd *
CVE-2021-43414 MEDIUM

An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
gnu hurd *
CVE-2021-44227 MEDIUM

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
debian debian_linux 9.0
gnu mailman *
CVE-2021-45078 MEDIUM

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
debian debian_linux 11.0
fedoraproject fedora 35
debian debian_linux 10.0
fedoraproject fedora 34
debian debian_linux 9.0
gnu binutils *
CVE-2021-45261 MEDIUM

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-763,

Products Affected

Vendor Product Version
gnu patch 2.7
CVE-2021-45950 MEDIUM

LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2021-46019 MEDIUM

An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnu recutils 1.8.90
fedoraproject fedora 35
fedoraproject fedora 36
CVE-2021-46021 MEDIUM

An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu recutils 1.8.90
fedoraproject fedora 35
fedoraproject fedora 36
CVE-2021-46022 MEDIUM

An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu recutils 1.8.90
fedoraproject fedora 35
fedoraproject fedora 36
CVE-2021-46174

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
gnu binutils *
CVE-2021-46195 MEDIUM

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
gnu gcc 12.0
CVE-2021-46705 LOW

A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
meissner@suse.de 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 2.5 2.5
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 1.8 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-377,

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2021-46848

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

Products Affected

Vendor Product Version
fedoraproject fedora 35
debian debian_linux 10.0
gnu libtasn1 *
fedoraproject fedora 37
fedoraproject fedora 36
CVE-2022-1271

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
redhat jboss_data_grid 7.0.0
debian debian_linux 10.0
tukaani xz *
gnu gzip *
CVE-2022-23218 HIGH

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
oracle enterprise_operations_monitor 4.3
oracle enterprise_operations_monitor 5.0
debian debian_linux 10.0
oracle enterprise_operations_monitor 4.4
gnu glibc *
oracle communications_cloud_native_core_unified_data_repository 22.2.0
CVE-2022-23219 HIGH

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
oracle enterprise_operations_monitor 4.3
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
oracle enterprise_operations_monitor 5.0
oracle communications_cloud_native_core_network_repository_function 22.2.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
oracle communications_cloud_native_core_network_repository_function 22.1.2
debian debian_linux 10.0
oracle enterprise_operations_monitor 4.4
gnu glibc *
oracle communications_cloud_native_core_unified_data_repository 22.2.0
oracle communications_cloud_native_core_binding_support_function 22.1.3
CVE-2022-2469

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L 1.2 2.5
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

Products Affected

Vendor Product Version
debian debian_linux 11.0
gnu gnu_sasl *
debian debian_linux 10.0
CVE-2022-2509

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
gnu gnutls *
debian debian_linux 11.0
fedoraproject fedora 35
debian debian_linux 10.0
CVE-2022-25308

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
gnu fribidi *
CVE-2022-25309

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
gnu fribidi *
CVE-2022-25310

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
gnu fribidi *
CVE-2022-2601

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.

Products Affected

Vendor Product Version
redhat enterprise_linux_for_power_little_endian_eus 9.0
redhat enterprise_linux_server_update_services_for_sap_solutions 9.0
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
gnu grub2 *
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0
fedoraproject fedora 37
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server_update_services_for_sap_solutions 8.1
CVE-2022-27943 MEDIUM

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
gnu gcc 11.2
fedoraproject fedora 36
CVE-2022-28733

Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ubuntu.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2022-28734

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ubuntu.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
gnu grub2 *
CVE-2022-28735

The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ubuntu.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2022-28736

There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ubuntu.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2022-29458 MEDIUM

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apple macos *
gnu ncurses 6.3
gnu ncurses *
CVE-2022-33024 MEDIUM

There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
gnu libredwg 0.12.4.4608
CVE-2022-33025 MEDIUM

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu libredwg -
CVE-2022-33026 MEDIUM

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg -
CVE-2022-33027 MEDIUM

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnu libredwg -
CVE-2022-33028 MEDIUM

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg -
CVE-2022-33032 MEDIUM

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg -
CVE-2022-33033 MEDIUM

LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
gnu libredwg 0.12.4.4608
CVE-2022-33034 MEDIUM

LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnu libredwg 0.12.4.4608
CVE-2022-35164

LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2022-35205

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils 2.38.50
CVE-2022-35206

Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils 2.38.50
CVE-2022-3715

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
gnu bash *
CVE-2022-3775

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
gnu grub2 *
CVE-2022-38533

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Products Affected

Vendor Product Version
gnu binutils *
fedoraproject fedora 37
fedoraproject fedora 36
CVE-2022-39028

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.

Products Affected

Vendor Product Version
gnu inetutils *
debian debian_linux 10.0
netkit-telnet_project netkit-telnet *
mit kerberos_5 *
CVE-2022-39046

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

Products Affected

Vendor Product Version
netapp h500s_firmware -
netapp h700s_firmware -
netapp ontap_select_deploy_administration_utility -
netapp h410c_firmware -
gnu glibc 2.36
netapp h300s_firmware -
netapp h410s_firmware -
CVE-2022-39831

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 36
gnu pspp 1.6.2
CVE-2022-39832

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 36
gnu pspp 1.6.2
CVE-2022-41550

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
gnu osip 5.3.0
CVE-2022-4285

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
gnu binutils *
fedoraproject fedora 37
CVE-2022-44840

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu binutils *
CVE-2022-45332

LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.

Products Affected

Vendor Product Version
gnu libredwg 0.12.4.4643
CVE-2022-45703

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu binutils *
CVE-2022-45939

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
debian debian_linux 11.0
debian debian_linux 10.0
gnu emacs *
fedoraproject fedora 37
fedoraproject fedora 36
CVE-2022-46663

In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 37
gnu less *
CVE-2022-47007

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils *
CVE-2022-47008

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils *
CVE-2022-47010

An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils *
CVE-2022-47011

An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils *
CVE-2022-47673

An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu binutils *
CVE-2022-47695

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu binutils *
CVE-2022-47696

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu binutils *
CVE-2022-48063

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils *
CVE-2022-48064

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 38
gnu binutils *
fedoraproject fedora 37
CVE-2022-48065

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 39
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 38
gnu binutils *
CVE-2022-48303

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 37
gnu tar *
CVE-2022-48337

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
debian debian_linux 11.0
gnu emacs *
CVE-2022-48338

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
gnu emacs *
CVE-2022-48339

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu emacs *
CVE-2023-0361

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
gnu gnutls 3.6.8-11.el8_2
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
debian debian_linux 10.0
netapp active_iq_unified_manager -
fedoraproject fedora 38
fedoraproject fedora 37
fedoraproject fedora 36
netapp converged_systems_advisor_agent -
CVE-2023-0687 MEDIUM

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
gnu glibc 2.38
gnu glibc *
CVE-2023-1579

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu binutils 2.40
gnu binutils 2.39
CVE-2023-1972

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Products Affected

Vendor Product Version
gnu binutils *
CVE-2023-24626

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu screen *
CVE-2023-2491

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 8.8
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_server_aus 9.2
gnu emacs 26.1-9.el8
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_eus 8.8
gnu emacs 27.2-8.el9
CVE-2023-25139

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
gnu glibc 2.37
CVE-2023-25222

A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
gnu libredwg 0.12.5
CVE-2023-25584

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2
secalert@redhat.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H 1.0 5.2

Products Affected

Vendor Product Version
gnu binutils *
CVE-2023-25585

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.0 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils 2.40
CVE-2023-25586

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.0 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils 2.40
CVE-2023-25588

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.0 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu binutils 2.40
CVE-2023-26157

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
report@snyk.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu libredwg *
CVE-2023-27371

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
cve@mitre.org 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
gnu libmicrohttpd *
CVE-2023-2789 LOW

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,

Products Affected

Vendor Product Version
gnu cflow 1.7
CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu emacs *
CVE-2023-27986

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu emacs *
CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu org_mode *
CVE-2023-29491

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

Products Affected

Vendor Product Version
gnu ncurses *
CVE-2023-36271

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

Products Affected

Vendor Product Version
gnu libredwg 0.12.5
CVE-2023-36272

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.

Products Affected

Vendor Product Version
gnu libredwg 0.12.5
CVE-2023-36273

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

Products Affected

Vendor Product Version
gnu libredwg 0.12.5
CVE-2023-36274

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.

Products Affected

Vendor Product Version
gnu libredwg 0.12.5
CVE-2023-39128

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.

Products Affected

Vendor Product Version
gnu gdb 13.0.50.20220805-git
CVE-2023-39129

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.

Products Affected

Vendor Product Version
gnu gdb 13.0.50.20220805-git
CVE-2023-39130

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.

Products Affected

Vendor Product Version
gnu gdb 13.0.50.20220805-git
CVE-2023-39804

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.

Products Affected

Vendor Product Version
gnu tar *
CVE-2023-4001

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
fedoraproject fedora 39
fedoraproject fedora 38
gnu grub2 -
CVE-2023-40303

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu inetutils *
CVE-2023-40305

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu indent 2.2.13
CVE-2023-4039

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5
arm-security@arm.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

Products Affected

Vendor Product Version
gnu gcc *
CVE-2023-4156

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2
secalert@redhat.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L 1.8 2.5

Products Affected

Vendor Product Version
gnu gawk *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
fedoraproject fedora 38
CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 2.2 4.2
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 2.2 4.2

Products Affected

Vendor Product Version
netapp h410c_firmware -
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_ibm_z_systems_s390x 9.2
redhat codeready_linux_builder_for_arm64_eus 9.2_aarch64
redhat codeready_linux_builder_for_ibm_z_systems 9.0_s390x
redhat codeready_linux_builder_eus 9.2
gnu glibc *
netapp h300s_firmware -
fedoraproject fedora 39
redhat enterprise_linux 8.0
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 9.2
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_server_aus 9.2
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.2_s390x
netapp h500s_firmware -
redhat enterprise_linux 9.0
redhat codeready_linux_builder_eus_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian 9.2_ppc64le
fedoraproject fedora 38
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_tus 8.8
netapp h410s_firmware -
redhat enterprise_linux_eus 8.8
netapp h700s_firmware -
redhat codeready_linux_builder_eus_for_power_little_endian 9.0_ppc64le
redhat codeready_linux_builder_for_arm64 9.0_aarch64
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_for_arm_64_eus 9.2_aarch64
redhat enterprise_linux_for_arm_64 9.0_aarch64
fedoraproject fedora 37
CVE-2023-4692

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
gnu grub2 -
gnu grub2 *
CVE-2023-4693

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 0.8 4.0

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
gnu grub2 -
gnu grub2 *
CVE-2023-4806

A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_ibm_z_systems_s390x 9.2
redhat codeready_linux_builder_for_arm64_eus 9.2_aarch64
redhat codeready_linux_builder_for_ibm_z_systems 9.0_s390x
gnu glibc 2.33
redhat codeready_linux_builder_eus 9.2
fedoraproject fedora 39
redhat enterprise_linux 8.0
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 9.2
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_server_aus 9.2
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.2_s390x
redhat enterprise_linux 9.0
redhat codeready_linux_builder_eus_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian 9.2_ppc64le
redhat enterprise_linux 7.0
fedoraproject fedora 38
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_tus 8.8
redhat enterprise_linux_eus 8.8
redhat codeready_linux_builder_eus_for_power_little_endian 9.0_ppc64le
redhat codeready_linux_builder_for_arm64 9.0_aarch64
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_for_arm_64_eus 9.2_aarch64
redhat enterprise_linux_for_arm_64 9.0_aarch64
fedoraproject fedora 37
CVE-2023-4813

A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
netapp h500s_firmware -
redhat enterprise_linux 9.0
netapp h410c_firmware -
redhat enterprise_linux_for_power_little_endian 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_ibm_z_systems_s390x 9.2
netapp active_iq_unified_manager -
fedoraproject fedora 38
gnu glibc *
netapp h300s_firmware -
redhat enterprise_linux_server_tus 8.8
netapp h410s_firmware -
redhat enterprise_linux_eus 8.8
netapp h700s_firmware -
redhat enterprise_linux 8.0
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 9.2
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_server_aus 9.2
CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
netapp bootstrap_os -
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 8.6
debian debian_linux 13.0
redhat enterprise_linux_eus 9.6
netapp h410c_firmware -
redhat enterprise_linux_for_arm_64_eus 8.6_aarch64
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat codeready_linux_builder_for_arm64_eus 9.2_aarch64
redhat codeready_linux_builder_for_ibm_z_systems 9.0_s390x
redhat codeready_linux_builder_eus 9.2
gnu glibc *
redhat enterprise_linux_eus 9.4
fedoraproject fedora 39
redhat codeready_linux_builder_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_server_aus 9.4
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.2_s390x
redhat virtualization_host 4.0
redhat enterprise_linux 9.0
redhat codeready_linux_builder_eus 9.6
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le
fedoraproject fedora 38
redhat enterprise_linux_update_services_for_sap_solutions 9.4
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat codeready_linux_builder_eus 8.6
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.4_s390x
debian debian_linux 12.0
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.6_s390x
redhat enterprise_linux_update_services_for_sap_solutions 9.6
redhat enterprise_linux_server_aus 9.6
canonical ubuntu_linux 23.04
redhat virtualization 4.0
redhat enterprise_linux_for_power_big_endian_eus 8.6_ppc64le
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat codeready_linux_builder_for_arm64_eus 9.4_aarch64
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
redhat codeready_linux_builder_for_power_little_endian_eus 9.6_ppc64le
debian debian_linux 11.0
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.4_ppc64le
redhat codeready_linux_builder_for_arm64_eus 8.6
netapp h300s_firmware -
redhat enterprise_linux_update_services_for_sap_solutions 9.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus 9.2_s390x
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 9.2
redhat codeready_linux_builder_for_power_little_endian_eus 8.6
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
redhat codeready_linux_builder_eus 9.4
redhat codeready_linux_builder_for_arm64_eus 9.6_aarch64
netapp h500s_firmware -
canonical ubuntu_linux 22.04
netapp ontap_select_deploy_administration_utility -
redhat codeready_linux_builder_for_power_little_endian_eus 9.4_ppc64le
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
netapp h410s_firmware -
netapp h700s_firmware -
redhat codeready_linux_builder_for_ibm_z_systems_eus 8.6
gnu glibc -
redhat codeready_linux_builder_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_server_tus 8.6
redhat codeready_linux_builder 9.0
redhat codeready_linux_builder_for_arm64 9.0_aarch64
redhat enterprise_linux_for_arm_64_eus 9.2_aarch64
fedoraproject fedora 37
CVE-2023-4949

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-coordination@google.com 8.1 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H 1.5 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
xen xen -
gnu grub *
CVE-2023-5156

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
gnu glibc *
CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
secalert@redhat.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
redhat linux 9.0
gnu gnutls *
debian debian_linux 10.0
redhat linux 8.0
fedoraproject fedora 38
fedoraproject fedora 37
gnu gnutls 1.5.0
CVE-2023-6246

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 39
fedoraproject fedora 38
gnu glibc *
CVE-2023-6779

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 39
fedoraproject fedora 38
gnu glibc *
CVE-2023-6780

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
fedoraproject fedora 39
fedoraproject fedora 38
gnu glibc *
CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ubuntu.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
gnu cpio 2.13
CVE-2023-7216

A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
secalert@redhat.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
gnu cpio -
redhat enterprise_linux 7.0
CVE-2024-0553

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
fedoraproject fedora 39
redhat enterprise_linux 8.0
gnu gnutls *
CVE-2024-0567

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 39
gnu gnutls *
debian debian_linux 11.0
netapp active_iq_unified_manager -
fedoraproject fedora 38
CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
patrick@puiterwijk.org 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu coreutils 9.3
gnu coreutils 9.2
gnu coreutils 9.4
CVE-2024-0911

A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
patrick@puiterwijk.org 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnu indent 2.2.13
CVE-2024-1048

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
secalert@redhat.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
fedoraproject fedora 40
redhat enterprise_linux 8.0
gnu grub2 -
CVE-2024-2312

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ubuntu.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
netapp bootstrap_os -
gnu grub2 *
CVE-2024-27630

Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.

Products Affected

Vendor Product Version
gnu savane *
CVE-2024-27631

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php

Products Affected

Vendor Product Version
gnu savane *
CVE-2024-27632

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.

Products Affected

Vendor Product Version
gnu savane *
CVE-2024-29399

An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.

Products Affected

Vendor Product Version
gnu savane *
CVE-2024-30202

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

Products Affected

Vendor Product Version
gnu org_mode *
gnu emacs *
CVE-2024-30203

In Emacs before 29.3, Gnus treats inline MIME contents as trusted.

Products Affected

Vendor Product Version
gnu org_mode *
debian debian_linux 10.0
gnu emacs *
CVE-2024-30204

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.

Products Affected

Vendor Product Version
gnu org_mode *
debian debian_linux 10.0
gnu emacs *
CVE-2024-30205

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

Products Affected

Vendor Product Version
gnu org_mode *
debian debian_linux 10.0
gnu emacs *
CVE-2024-33599

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Products Affected

Vendor Product Version
netapp h500s_firmware -
netapp h700s_firmware -
netapp h410c_firmware -
debian debian_linux 10.0
gnu glibc *
netapp h300s_firmware -
netapp hci_bootstrap_os -
netapp h410s_firmware -
CVE-2024-33600

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Products Affected

Vendor Product Version
netapp h500s_firmware -
netapp h610c_firmware -
netapp h410c_firmware -
netapp h615c_firmware -
debian debian_linux 10.0
netapp active_iq_unified_manager -
gnu glibc *
netapp h300s_firmware -
netapp h410s_firmware -
netapp h700s_firmware -
netapp hci_bootstrap_os -
netapp h610s_firmware -
CVE-2024-33601

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Products Affected

Vendor Product Version
netapp h500s_firmware -
netapp h700s_firmware -
netapp h610c_firmware -
netapp h410c_firmware -
netapp h615c_firmware -
debian debian_linux 10.0
gnu glibc *
netapp h300s_firmware -
netapp hci_bootstrap_os -
netapp h410s_firmware -
netapp h610s_firmware -
CVE-2024-33602

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Products Affected

Vendor Product Version
netapp h500s_firmware -
netapp h700s_firmware -
netapp solidfire_&_hci_management_node -
netapp h410c_firmware -
debian debian_linux 10.0
netapp element_software -
netapp solidfire_&_hci_storage_node -
gnu glibc *
netapp h300s_firmware -
netapp hci_bootstrap_os -
netapp h410s_firmware -
CVE-2024-36600

Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

Products Affected

Vendor Product Version
gnu libcdio *
gnu libcdio 2.1.0
CVE-2024-38428

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

Products Affected

Vendor Product Version
gnu wget *
CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

Products Affected

Vendor Product Version
gnu emacs *
CVE-2024-45777

A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat openshift 4.0
redhat enterprise_linux 7.0
gnu grub2 *
redhat enterprise_linux 10.0
CVE-2024-45778

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
secalert@redhat.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.5 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
gnu grub2 *
redhat openshift_container_platform 4.0
CVE-2024-45779

An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 0.8 5.2
secalert@redhat.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N 0.5 3.6

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2024-45782

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
secalert@redhat.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
gnu grub2 *
redhat openshift_container_platform 4.0
CVE-2024-50610

GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.

Products Affected

Vendor Product Version
gnu gnu_scientific_library *
CVE-2024-53920

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
gnu emacs *
CVE-2024-56737

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2024-56738

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2024-5742

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N 1.0 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
gnu nano *
redhat enterprise_linux 6.0
CVE-2025-0678

A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
secalert@redhat.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
gnu grub2 *
redhat openshift_container_platform 4.0
CVE-2025-0684

A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with a overflown length parameter, leading to a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, by-passing secure boot protections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2025-0685

A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() function will write past the internal buffer length during grub_jfs_read_file(). This issue can be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2025-0686

A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_romfs_read_symlink() may cause out-of-bounds writes when the calling grub_disk_read() function. This issue may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution by-passing secure boot protections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2025-0689

When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2025-0840 MEDIUM

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 1.6 3.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-121,CWE-787,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2025-11081 LOW

A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-11082 MEDIUM

A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-122,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-11083 MEDIUM

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-122,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-1125

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2025-11412 LOW

A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-125,CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-11413 LOW

A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-125,CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-11414 LOW

A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-125,CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-1147 LOW

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.6 3.6
cna@vuldb.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
gnu binutils 2.43
CVE-2025-1148 LOW

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 1.6 1.4
cna@vuldb.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,CWE-404,CWE-401,

Products Affected

Vendor Product Version
gnu binutils 2.43
CVE-2025-1149 LOW

A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 1.6 1.4
cna@vuldb.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,CWE-404,

Products Affected

Vendor Product Version
gnu binutils 2.43
CVE-2025-11494 LOW

A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-125,CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-11495 LOW

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-122,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-1151 LOW

A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,CWE-404,CWE-401,

Products Affected

Vendor Product Version
gnu binutils 2.43
CVE-2025-1152 LOW

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4
cna@vuldb.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,CWE-404,CWE-401,

Products Affected

Vendor Product Version
gnu binutils 2.43
CVE-2025-1153 LOW

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
cna@vuldb.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.44
gnu binutils 2.43
CVE-2025-1176 MEDIUM

A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 1.6 3.4
cna@vuldb.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 1.6 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-122,

Products Affected

Vendor Product Version
gnu binutils 2.43
CVE-2025-1178 MEDIUM

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 2.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
netapp active_iq_unified_manager -
gnu binutils 2.43
CVE-2025-1179 MEDIUM

A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 1.6 3.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.43
CVE-2025-1180 LOW

A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.43
CVE-2025-1181 MEDIUM

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 1.6 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
netapp active_iq_unified_manager -
gnu binutils 2.43
CVE-2025-1182 MEDIUM

A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 1.6 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils 2.43
CVE-2025-11839 LOW

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-252,CWE-253,CWE-252,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-11840 LOW

A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-125,CWE-125,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-13151

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
gnu libtasn1 4.20.0
CVE-2025-15281

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Products Affected

Vendor Product Version
gnu glibc *
CVE-2025-3198 LOW

A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,CWE-404,CWE-401,

Products Affected

Vendor Product Version
gnu binutils 2.44
gnu binutils 2.43
CVE-2025-32988

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 2.2 4.2

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
gnu gnutls *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 10.0
CVE-2025-32989

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
gnu gnutls -
redhat enterprise_linux 6.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 10.0
CVE-2025-32990

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
gnu gnutls -
redhat enterprise_linux 6.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 10.0
CVE-2025-43919

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
gnu mailman *
CVE-2025-43920

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N 2.2 2.7
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
gnu mailman *
CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
gnu mailman *
CVE-2025-45582

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L 1.0 2.7

Products Affected

Vendor Product Version
gnu tar *
CVE-2025-47229

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.4 1.4

Products Affected

Vendor Product Version
gnu pspp *
CVE-2025-47814

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 4.5 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L 1.4 2.7

Products Affected

Vendor Product Version
gnu pspp *
CVE-2025-47815

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 4.5 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L 1.4 2.7

Products Affected

Vendor Product Version
gnu pspp *
CVE-2025-47816

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
cve@mitre.org 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.4 1.4

Products Affected

Vendor Product Version
gnu pspp *
CVE-2025-4802

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnu glibc *
CVE-2025-48188

libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.4 1.4

Products Affected

Vendor Product Version
gnu pspp *
CVE-2025-5001 LOW

A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-189,CWE-190,CWE-190,

Products Affected

Vendor Product Version
gnu pspp -
CVE-2025-5244 MEDIUM

A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2025-5245 MEDIUM

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu binutils *
CVE-2025-5702

The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 2.2 3.4

Products Affected

Vendor Product Version
gnu glibc *
CVE-2025-5745

The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 2.2 3.4

Products Affected

Vendor Product Version
gnu glibc *
CVE-2025-59777

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.

Products Affected

Vendor Product Version
gnu libmicrohttpd *
CVE-2025-61662

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 4.9 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 1.4 3.4

Products Affected

Vendor Product Version
gnu grub2 *
CVE-2025-62689

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.

Products Affected

Vendor Product Version
gnu libmicrohttpd *
CVE-2025-65409

A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password.

Products Affected

Vendor Product Version
gnu recutils 1.9
CVE-2025-66861

An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.

Products Affected

Vendor Product Version
gnu binutils 2.26
CVE-2025-66862

A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Products Affected

Vendor Product Version
gnu binutils 2.26
CVE-2025-66863

An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Products Affected

Vendor Product Version
gnu binutils 2.26
CVE-2025-66864

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Products Affected

Vendor Product Version
gnu binutils 2.26
CVE-2025-66865

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Products Affected

Vendor Product Version
gnu binutils 2.26
CVE-2025-66866

An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Products Affected

Vendor Product Version
gnu binutils 2.26
CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
patrick@puiterwijk.org 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
gnu wget2 *
CVE-2025-69195

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
patrick@puiterwijk.org 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
gnu wget2 *
CVE-2025-69644

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.

Products Affected

Vendor Product Version
gnu binutils *
CVE-2025-69645

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.

Products Affected

Vendor Product Version
gnu binutils 2.44
CVE-2025-69646

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.

Products Affected

Vendor Product Version
gnu binutils 2.44
CVE-2025-69647

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

Products Affected

Vendor Product Version
gnu binutils *
CVE-2025-69648

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

Products Affected

Vendor Product Version
gnu binutils *
CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.

Products Affected

Vendor Product Version
gnu binutils *
CVE-2025-69650

GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.

Products Affected

Vendor Product Version
gnu binutils *
CVE-2025-69651

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.

Products Affected

Vendor Product Version
gnu binutils *
CVE-2025-69652

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.

Products Affected

Vendor Product Version
gnu binutils *
CVE-2025-7545 MEDIUM

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-122,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-7546 MEDIUM

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
gnu binutils 2.45
CVE-2025-8224 LOW

A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,CWE-476,CWE-476,

Products Affected

Vendor Product Version
gnu binutils 2.44
CVE-2025-8225 LOW

A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,CWE-404,CWE-401,

Products Affected

Vendor Product Version
gnu binutils 2.44
CVE-2025-8746 LOW

A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library." This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
gnu libopts *
CVE-2026-0861

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
gnu glibc *
CVE-2026-0915

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Products Affected

Vendor Product Version
gnu glibc *
CVE-2026-24061

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
gnu inetutils *
debian debian_linux 11.0
CVE-2026-28372

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.4 5.9

Products Affected

Vendor Product Version
gnu inetutils *
CVE-2026-3441

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L 1.8 4.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
gnu binutils -
redhat openshift_container_platform 4.0
redhat enterprise_linux 10.0
CVE-2026-3442

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L 1.8 4.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
gnu binutils -
redhat openshift_container_platform 4.0
redhat enterprise_linux 10.0
CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue.  However in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well.  Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository. It is advised that distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library, also apply the fix to avoid the potential crash in the nscd client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

Products Affected

Vendor Product Version
gnu glibc *
CVE-2026-4046

The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
gnu glibc *
CVE-2026-4437

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.

Products Affected

Vendor Product Version
gnu glibc *
CVE-2026-4438

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

Products Affected

Vendor Product Version
gnu glibc *
CVE-2026-4647

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 1.8 4.2
secalert@redhat.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 1.8 4.2

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
gnu binutils -
redhat openshift_container_platform 4.0
redhat enterprise_linux 10.0