Vulnerabilities (CVE)

Vendor filter

Gnu Subscribe

Filter

755 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-10739 2 Gnu, Opensuse 2 Glibc, Leap 2019-08-06 4.6
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume...
CVE-2018-1000876 1 Gnu 1 Binutils 2019-08-06 4.6
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows...
CVE-2019-1010025 1 Gnu 1 Glibc 2019-08-05 5.0
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
CVE-2018-20651 1 Gnu 1 Binutils 2019-08-03 4.3
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A...
CVE-2018-19932 1 Gnu 1 Binutils 2019-08-03 4.3
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.
CVE-2018-19931 1 Gnu 1 Binutils 2019-08-03 6.8
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is...
CVE-2018-12699 2 Gnu, Canonical 2 Binutils, Ubuntu Linux 2019-08-03 7.5
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during...
CVE-2018-12697 2 Gnu, Canonical 2 Binutils, Ubuntu Linux 2019-08-03 5.0
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
CVE-2018-10535 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-08-03 4.3
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a...
CVE-2018-10534 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-08-03 4.3
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the...
CVE-2018-10373 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-08-03 4.3
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary...
CVE-2018-10372 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-08-03 4.3
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.
CVE-2019-1010180 1 Gnu 1 Gdb 2019-08-01 6.8
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for...
CVE-2018-1000156 4 Gnu, Canonical, Debian and 1 more 9 Patch, Ubuntu Linux, Debian Linux and 6 more 2019-07-30 6.8
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed...
CVE-2019-13636 1 Gnu 1 Patch 2019-07-24 5.8
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
CVE-2019-1010022 1 Gnu 1 Glibc 2019-07-18 7.5
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass...
CVE-2009-3555 8 Mozilla, Openssl, Microsoft and 5 more 9 Openssl, Nss, Iis and 6 more 2019-07-03 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network...
CVE-2019-5953 1 Gnu 1 Wget 2019-07-02 7.5
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
CVE-2019-12972 1 Gnu 1 Binutils 2019-06-27 4.3
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx...
CVE-2012-6711 2 Gnu, Redhat 2 Bash, Enterprise Linux 2019-06-20 4.6
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data...