Vulnerabilities (CVE)

Vendor filter

Gnu Subscribe

Filter

755 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-17360 1 Gnu 1 Binutils 2019-10-03 4.3
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE...
CVE-2017-15602 1 Gnu 1 Libextractor 2019-10-03 5.0
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
CVE-2017-13728 1 Gnu 1 Ncurses 2019-10-03 4.3
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
CVE-2017-5618 1 Gnu 1 Screen 2019-10-03 7.2
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
CVE-2018-10844 3 Gnu, Debian, Redhat 6 Gnutls, Debian Linux, Enterprise Linux Desktop and 3 more 2019-10-03 4.3
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing...
CVE-2018-18700 1 Gnu 1 Binutils 2019-10-03 4.3
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in...
CVE-2019-1010024 1 Gnu 1 Glibc 2019-09-20 5.0
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.
CVE-2019-16165 1 Gnu 1 Cflow 2019-09-10 4.3
GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.
CVE-2019-16166 1 Gnu 1 Cflow 2019-09-10 4.3
GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.
CVE-2019-15847 1 Gnu 1 Gcc 2019-09-05 5.0
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile...
CVE-2018-20969 1 Gnu 1 Patch 2019-09-05 9.3
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
CVE-2017-1000366 9 Gnu, Redhat, Suse and 6 more 24 Glibc, Enterprise Linux, Linux Enterprise Server For Raspberry Pi and 21 more 2019-09-04 7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been...
CVE-2019-15767 1 Gnu 1 Chess 2019-09-03 6.8
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
CVE-2019-15531 1 Gnu 1 Libextractor 2019-08-31 4.3
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
CVE-2018-10754 1 Gnu 1 Ncurses 2019-08-30 2.1
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-14444 1 Gnu 1 Binutils 2019-08-22 4.3
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CVE-2019-14250 1 Gnu 1 Binutils 2019-08-22 4.3
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2019-1010204 1 Gnu 1 Binutils 2019-08-22 4.3
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497,...
CVE-2019-13638 2 Gnu, Debian 2 Patch, Debian Linux 2019-08-16 9.3
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the...
CVE-2015-8985 1 Gnu 1 Glibc 2019-08-15 4.3
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.