Filtered by vendor Gnu
Subscriptions
Total
1082 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18192 | 1 Gnu | 1 Guix | 2024-11-21 | 7.8 High |
| GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. | ||||
| CVE-2019-17595 | 3 Gnu, Opensuse, Redhat | 3 Ncurses, Leap, Enterprise Linux | 2024-11-21 | 5.4 Medium |
| There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | ||||
| CVE-2019-17594 | 3 Gnu, Opensuse, Redhat | 3 Ncurses, Leap, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | ||||
| CVE-2019-17544 | 2 Canonical, Gnu | 2 Ubuntu Linux, Aspell | 2024-11-21 | 9.1 Critical |
| libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | ||||
| CVE-2019-17451 | 4 Canonical, Gnu, Opensuse and 1 more | 4 Ubuntu Linux, Binutils, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. | ||||
| CVE-2019-17450 | 4 Canonical, Gnu, Opensuse and 1 more | 4 Ubuntu Linux, Binutils, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | ||||
| CVE-2019-16200 | 1 Gnu | 1 Serveez | 2024-11-21 | 7.5 High |
| GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. | ||||
| CVE-2019-16166 | 1 Gnu | 1 Cflow | 2024-11-21 | 6.5 Medium |
| GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. | ||||
| CVE-2019-16165 | 1 Gnu | 1 Cflow | 2024-11-21 | 6.5 Medium |
| GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. | ||||
| CVE-2019-15847 | 3 Gnu, Opensuse, Redhat | 4 Gcc, Leap, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. | ||||
| CVE-2019-15767 | 1 Gnu | 1 Chess | 2024-11-21 | N/A |
| In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. | ||||
| CVE-2019-15531 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libextractor | 2024-11-21 | 6.5 Medium |
| GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | ||||
| CVE-2019-14444 | 4 Canonical, Gnu, Netapp and 1 more | 5 Ubuntu Linux, Binutils, Hci Management Node and 2 more | 2024-11-21 | 5.5 Medium |
| apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. | ||||
| CVE-2019-14250 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Binutils, Leap | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. | ||||
| CVE-2019-13638 | 3 Debian, Gnu, Redhat | 7 Debian Linux, Patch, Enterprise Linux and 4 more | 2024-11-21 | N/A |
| GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. | ||||
| CVE-2019-13636 | 2 Gnu, Redhat | 2 Patch, Enterprise Linux | 2024-11-21 | N/A |
| In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. | ||||
| CVE-2019-12972 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Binutils, Leap | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character. | ||||
| CVE-2019-12290 | 1 Gnu | 1 Libidn2 | 2024-11-21 | 7.5 High |
| GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated. | ||||
| CVE-2019-11640 | 1 Gnu | 1 Recutils | 2024-11-21 | N/A |
| An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a. | ||||
| CVE-2019-11639 | 1 Gnu | 1 Recutils | 2024-11-21 | N/A |
| An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a. | ||||