VYPR

Vendor CVEs

GNU

All CVEs

1,137 total · sorted by risk
  • CVE-2019-5953May 17, 2019
    risk 0.00cvss epss 0.05

    Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.

  • CVE-2019-11640May 1, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.

  • CVE-2019-11639May 1, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.

  • CVE-2019-11638May 1, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.

  • CVE-2019-11637May 1, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.

  • CVE-2006-7254Apr 10, 2019
    risk 0.00cvss epss 0.00

    The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.

  • CVE-2005-3590Apr 10, 2019
    risk 0.00cvss epss 0.02

    The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.

  • CVE-2019-9923Mar 22, 2019
    risk 0.00cvss epss 0.03

    pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

  • CVE-2019-9924Mar 22, 2019
    risk 0.00cvss epss 0.00

    rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

  • CVE-2019-9211Feb 27, 2019
    risk 0.00cvss epss 0.02

    There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.

  • CVE-2019-9192Feb 26, 2019
    risk 0.00cvss epss 0.02

    In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a…

  • CVE-2009-5155Feb 26, 2019
    risk 0.00cvss epss 0.04

    In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

  • CVE-2018-20796Feb 26, 2019
    risk 0.00cvss epss 0.06

    In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

  • CVE-2019-9169Feb 26, 2019
    risk 0.00cvss epss 0.05

    In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

  • CVE-2019-9075Feb 24, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

  • CVE-2019-9076Feb 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.

  • CVE-2019-9071Feb 24, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

  • CVE-2019-9070Feb 24, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

  • CVE-2019-9074Feb 24, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.

  • CVE-2019-9077Feb 24, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

  • CVE-2019-9073Feb 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

  • CVE-2019-9072Feb 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.

  • CVE-2019-7309Feb 3, 2019
    risk 0.00cvss epss 0.01

    In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

  • CVE-2016-10739Jan 21, 2019
    risk 0.00cvss epss 0.00

    In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid…

  • CVE-2019-6488Jan 18, 2019
    risk 0.00cvss epss 0.00

    The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as…

  • CVE-2019-6458Jan 16, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.

  • CVE-2019-6455Jan 16, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.

  • CVE-2019-6457Jan 16, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.

  • CVE-2019-6456Jan 16, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.

  • CVE-2019-6459Jan 16, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.

  • CVE-2019-6460Jan 16, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.

  • CVE-2018-20712Jan 15, 2019
    risk 0.00cvss epss 0.03

    A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

  • CVE-2018-20673Jan 4, 2019
    risk 0.00cvss epss 0.02

    The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

  • CVE-2018-20671Jan 4, 2019
    risk 0.00cvss epss 0.02

    load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.

  • CVE-2018-20657Jan 2, 2019
    risk 0.00cvss epss 0.04

    The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

  • CVE-2018-20651Jan 1, 2019
    risk 0.00cvss epss 0.02

    A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows…

  • CVE-2018-20623Dec 31, 2018
    risk 0.00cvss epss 0.02

    In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

  • CVE-2018-20482Dec 26, 2018
    risk 0.00cvss epss 0.01

    GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's…

  • CVE-2018-20483Dec 26, 2018
    risk 0.00cvss epss 0.01

    set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by…

  • CVE-2018-20431Dec 24, 2018
    risk 0.00cvss epss 0.02

    GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.

  • CVE-2018-20430Dec 24, 2018
    risk 0.00cvss epss 0.02

    GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.

  • CVE-2018-1000876Dec 20, 2018
    risk 0.00cvss epss 0.01

    binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This…

  • CVE-2018-20002Dec 10, 2018
    risk 0.00cvss epss 0.02

    The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

  • CVE-2018-19931Dec 7, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

  • CVE-2018-19932Dec 7, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

  • CVE-2018-19591Dec 4, 2018
    risk 0.00cvss epss 0.06

    In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

  • CVE-2018-18751Oct 28, 2018
    risk 0.00cvss epss 0.04

    An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

  • CVE-2018-18701Oct 27, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could…

  • CVE-2018-18700Oct 27, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could…

  • CVE-2018-18605Oct 23, 2018
    risk 0.00cvss epss 0.02

    A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple…

Page 16 of 23