Vendor CVEs
GNU
All CVEs
1,137 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-14150 | 0.00 | — | 0.00 | Jun 15, 2020 | GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended… | |||
| CVE-2020-12137 | 0.00 | — | 0.02 | Apr 24, 2020 | GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform… | |||
| CVE-2020-6096 | 0.00 | — | 0.05 | Apr 1, 2020 | An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison… | |||
| CVE-2019-20633 | 0.00 | — | 0.01 | Mar 25, 2020 | GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. | |||
| CVE-2019-14874 | 0.00 | — | 0.01 | Mar 19, 2020 | In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer… | |||
| CVE-2019-14877 | 0.00 | — | 0.01 | Mar 19, 2020 | In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null… | |||
| CVE-2019-14873 | 0.00 | — | 0.01 | Mar 19, 2020 | In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug… | |||
| CVE-2020-10029 | 0.00 | — | 0.01 | Mar 4, 2020 | The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is… | |||
| CVE-2020-9366 | 0.00 | — | 0.03 | Feb 24, 2020 | A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. | |||
| CVE-2019-20433 | 0.00 | — | 0.02 | Jan 27, 2020 | libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. | |||
| CVE-2015-4042 | 0.00 | — | 0.02 | Jan 24, 2020 | Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. | |||
| CVE-2015-4041 | 0.00 | — | 0.01 | Jan 24, 2020 | The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow… | |||
| CVE-2019-3697 | 0.00 | — | 0.01 | Jan 24, 2020 | UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. | |||
| CVE-2019-3693 | 0.00 | — | 0.00 | Jan 24, 2020 | A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to… | |||
| CVE-2019-14866 | 0.00 | — | 0.01 | Jan 7, 2020 | In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths… | |||
| CVE-2019-19917 | 0.00 | — | 0.02 | Dec 20, 2019 | Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. | |||
| CVE-2019-19918 | 0.00 | — | 0.02 | Dec 20, 2019 | Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. | |||
| CVE-2012-1577 | 0.00 | — | 0.02 | Dec 10, 2019 | lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. | |||
| CVE-2019-18276 | 0.00 | — | 0.03 | Nov 28, 2019 | An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux… | |||
| CVE-2015-1396 | 0.00 | — | 0.03 | Nov 25, 2019 | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | |||
| CVE-2019-16200 | 0.00 | — | 0.02 | Nov 20, 2019 | GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The… | |||
| CVE-2019-19126 | 0.00 | — | 0.00 | Nov 19, 2019 | On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries… | |||
| CVE-2019-18397 | 0.00 | — | 0.02 | Nov 13, 2019 | A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then… | |||
| CVE-2002-2439 | 0.00 | — | 0.01 | Oct 23, 2019 | Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. | |||
| CVE-2019-12290 | 0.00 | — | 0.03 | Oct 22, 2019 | GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain… | |||
| CVE-2019-18224 | 0.00 | — | 0.04 | Oct 21, 2019 | idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. | |||
| CVE-2019-17595 | 0.00 | — | 0.02 | Oct 14, 2019 | There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | |||
| CVE-2019-17544 | 0.00 | — | 0.03 | Oct 14, 2019 | libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | |||
| CVE-2019-17450 | 0.00 | — | 0.03 | Oct 10, 2019 | find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | |||
| CVE-2019-17451 | 0.00 | — | 0.02 | Oct 10, 2019 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. | |||
| CVE-2019-16165 | 0.00 | — | 0.01 | Sep 9, 2019 | GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. | |||
| CVE-2019-16166 | 0.00 | — | 0.01 | Sep 9, 2019 | GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. | |||
| CVE-2019-15847 | 0.00 | — | 0.03 | Sep 2, 2019 | The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For… | |||
| CVE-2019-15767 | 0.00 | — | 0.01 | Aug 29, 2019 | In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. | |||
| CVE-2019-15531 | 0.00 | — | 0.02 | Aug 23, 2019 | GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | |||
| CVE-2018-20969 | 0.00 | — | 0.03 | Aug 16, 2019 | do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. | |||
| CVE-2019-14697 | 0.00 | — | 0.03 | Aug 6, 2019 | musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. | |||
| CVE-2019-14444 | 0.00 | — | 0.01 | Jul 30, 2019 | apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. | |||
| CVE-2019-13638 | 0.00 | — | 0.05 | Jul 26, 2019 | GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from… | |||
| CVE-2019-1010180 | 0.00 | — | 0.03 | Jul 24, 2019 | GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not… | |||
| CVE-2019-14250 | 0.00 | — | 0.02 | Jul 24, 2019 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. | |||
| CVE-2019-1010204 | 0.00 | — | 0.01 | Jul 23, 2019 | GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An… | |||
| CVE-2019-13636 | 0.00 | — | 0.04 | Jul 17, 2019 | In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. | |||
| CVE-2019-1010025 | 0.00 | — | 0.02 | Jul 15, 2019 | GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. | |||
| CVE-2019-1010023 | 0.00 | — | 0.03 | Jul 15, 2019 | GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute… | |||
| CVE-2019-1010024 | 0.00 | — | 0.03 | Jul 15, 2019 | GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | |||
| CVE-2019-1010022 | 0.00 | — | 0.03 | Jul 15, 2019 | GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream… | |||
| CVE-2019-12972 | 0.00 | — | 0.02 | Jun 26, 2019 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting… | |||
| CVE-2012-6711 | 0.00 | — | 0.00 | Jun 18, 2019 | A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e"… | |||
| CVE-2018-12886 | 0.00 | — | 0.02 | May 22, 2019 | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows… |