| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-19211 |
1 Gnu |
1 Ncurses |
2019-04-22 |
4.3 |
| In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias... |
| CVE-2018-10754 |
1 Gnu |
1 Ncurses |
2019-04-22 |
5.0 |
| In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in... |
| CVE-2016-10739 |
1 Gnu |
1 Glibc |
2019-04-20 |
4.6 |
| In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume... |
| CVE-2019-9923 |
1 Gnu |
1 Tar |
2019-04-18 |
5.0 |
| pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. |
| CVE-2018-20482 |
2 Gnu, Debian |
2 Tar, Debian Linux |
2019-04-18 |
1.9 |
| GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be... |
| CVE-2018-19217 |
1 Gnu |
1 Ncurses |
2019-04-18 |
4.3 |
| ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for... |
| CVE-2019-9211 |
1 Gnu |
1 Pspp |
2019-04-17 |
4.3 |
| There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. |
| CVE-2018-6952 |
1 Gnu |
1 Patch |
2019-04-17 |
5.0 |
| A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. |
| CVE-2018-6951 |
2 Gnu, Canonical |
2 Patch, Ubuntu Linux |
2019-04-17 |
5.0 |
| An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. |
| CVE-2018-1000156 |
4 Gnu, Canonical, Debian and 1 more |
9 Patch, Ubuntu Linux, Debian Linux and 6 more |
2019-04-17 |
6.8 |
| GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed... |
| CVE-2017-14938 |
1 Gnu |
1 Binutils |
2019-04-16 |
4.3 |
| _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a... |
| CVE-2019-9169 |
2 Gnu, Netapp |
4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more |
2019-04-16 |
7.5 |
| In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. |
| CVE-2019-3836 |
1 Gnu |
1 Gnutls |
2019-04-15 |
5.0 |
| It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. |
| CVE-2019-3829 |
2 Gnu, Fedoraproject |
2 Gnutls, Fedora |
2019-04-15 |
5.0 |
| A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or... |
| CVE-2018-13796 |
1 Gnu |
1 Mailman |
2019-04-15 |
4.3 |
| An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. |
| CVE-2019-9924 |
2 Gnu, Debian |
2 Bash, Debian Linux |
2019-04-11 |
7.2 |
| rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. |
| CVE-2005-3590 |
1 Gnu |
1 Glibc |
2019-04-11 |
7.5 |
| The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers... |
| CVE-2006-7254 |
1 Gnu |
1 Glibc |
2019-04-11 |
2.1 |
| The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. |
| CVE-2018-20483 |
1 Gnu |
1 Wget |
2019-04-09 |
2.1 |
| set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g.,... |
| CVE-2014-8155 |
1 Gnu |
1 Gnutls |
2019-04-08 |
4.3 |
| GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. |
