| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-20482 |
2 Gnu, Debian |
2 Tar, Debian Linux |
2019-02-14 |
1.9 |
| GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be... |
| CVE-2018-20483 |
1 Gnu |
1 Wget |
2019-02-14 |
2.1 |
| set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g.,... |
| CVE-2015-5276 |
1 Gnu |
1 Gcc |
2019-02-12 |
5.0 |
| The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via... |
| CVE-2016-10739 |
1 Gnu |
1 Glibc |
2019-02-08 |
4.6 |
| In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume... |
| CVE-2019-7309 |
1 Gnu |
1 Glibc |
2019-02-06 |
2.1 |
| In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. |
| CVE-2019-6488 |
1 Gnu |
1 Glibc |
2019-02-05 |
4.6 |
| The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly... |
| CVE-2018-16868 |
1 Gnu |
1 Gnutls |
2019-01-31 |
3.3 |
| A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use... |
| CVE-2018-20657 |
1 Gnu |
1 Binutils |
2019-01-31 |
5.0 |
| The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to... |
| CVE-2018-20712 |
1 Gnu |
1 Binutils |
2019-01-22 |
4.3 |
| A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. |
| CVE-2018-20651 |
1 Gnu |
1 Binutils |
2019-01-18 |
4.3 |
| A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A... |
| CVE-2019-6455 |
1 Gnu |
1 Recutils |
2019-01-17 |
4.3 |
| An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c. |
| CVE-2019-6456 |
1 Gnu |
1 Recutils |
2019-01-17 |
4.3 |
| An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a. |
| CVE-2019-6457 |
1 Gnu |
1 Recutils |
2019-01-17 |
4.3 |
| An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a. |
| CVE-2019-6458 |
1 Gnu |
1 Recutils |
2019-01-17 |
4.3 |
| An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a. |
| CVE-2019-6459 |
1 Gnu |
1 Recutils |
2019-01-17 |
4.3 |
| An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a. |
| CVE-2019-6460 |
1 Gnu |
1 Recutils |
2019-01-17 |
4.3 |
| An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a. |
| CVE-2018-20673 |
1 Gnu |
1 Binutils |
2019-01-15 |
4.3 |
| The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer... |
| CVE-2018-20671 |
1 Gnu |
1 Binutils |
2019-01-14 |
4.3 |
| load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. |
| CVE-2018-20430 |
2 Gnu, Debian |
2 Libextractor, Debian Linux |
2019-01-11 |
4.3 |
| GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. |
| CVE-2018-18309 |
1 Gnu |
1 Binutils |
2019-01-11 |
4.3 |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault... |
