Shodan
Vulnerabilities
Vulnerable Software
Gnu:  Security Vulnerabilities
CVE-2021-45261
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
CVSS Score
5.5
EPSS Score
0.003
Published
2021-12-22
CVE-2021-45078
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-12-15
CVE-2021-28236
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-12-02
CVE-2021-28237
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-12-02
CVE-2021-44227
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-12-02
CVE-2021-37322
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-11-18
CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-11-12
CVE-2021-43332
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-11-12
CVE-2021-43411
An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-11-07
CVE-2021-43412
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-11-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved