Vulnerabilities (CVE)

Vendor filter

Gnu Subscribe


727 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-19211 1 Gnu 1 Ncurses 2019-04-22 4.3
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias...
CVE-2018-10754 1 Gnu 1 Ncurses 2019-04-22 5.0
In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in...
CVE-2016-10739 1 Gnu 1 Glibc 2019-04-20 4.6
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume...
CVE-2019-9923 1 Gnu 1 Tar 2019-04-18 5.0
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
CVE-2018-20482 2 Gnu, Debian 2 Tar, Debian Linux 2019-04-18 1.9
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be...
CVE-2018-19217 1 Gnu 1 Ncurses 2019-04-18 4.3
** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for...
CVE-2019-9211 1 Gnu 1 Pspp 2019-04-17 4.3
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
CVE-2018-6952 1 Gnu 1 Patch 2019-04-17 5.0
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
CVE-2018-6951 2 Gnu, Canonical 2 Patch, Ubuntu Linux 2019-04-17 5.0
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
CVE-2018-1000156 4 Gnu, Canonical, Debian and 1 more 9 Patch, Ubuntu Linux, Debian Linux and 6 more 2019-04-17 6.8
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed...
CVE-2017-14938 1 Gnu 1 Binutils 2019-04-16 4.3
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a...
CVE-2019-9169 2 Gnu, Netapp 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2019-04-16 7.5
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVE-2019-3836 1 Gnu 1 Gnutls 2019-04-15 5.0
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
CVE-2019-3829 2 Gnu, Fedoraproject 2 Gnutls, Fedora 2019-04-15 5.0
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or...
CVE-2018-13796 1 Gnu 1 Mailman 2019-04-15 4.3
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
CVE-2019-9924 2 Gnu, Debian 2 Bash, Debian Linux 2019-04-11 7.2
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
CVE-2005-3590 1 Gnu 1 Glibc 2019-04-11 7.5
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers...
CVE-2006-7254 1 Gnu 1 Glibc 2019-04-11 2.1
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.
CVE-2018-20483 1 Gnu 1 Wget 2019-04-09 2.1
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g.,...
CVE-2014-8155 1 Gnu 1 Gnutls 2019-04-08 4.3
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.