Filtered by vendor Gnu
Subscribe
Total
1122 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20673 | 1 Gnu | 1 Binutils | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. | |||||
| CVE-2019-6459 | 1 Gnu | 1 Recutils | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a. | |||||
| CVE-2019-11639 | 1 Gnu | 1 Recutils | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a. | |||||
| CVE-2019-6457 | 1 Gnu | 1 Recutils | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a. | |||||
| CVE-2019-20013 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec. | |||||
| CVE-2019-18862 | 1 Gnu | 1 Mailutils | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | |||||
| CVE-2019-16200 | 1 Gnu | 1 Serveez | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. | |||||
| CVE-2019-6458 | 1 Gnu | 1 Recutils | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a. | |||||
| CVE-2018-20483 | 1 Gnu | 1 Wget | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl. | |||||
| CVE-2018-18484 | 1 Gnu | 1 Binutils | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type. | |||||
| CVE-2019-20015 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec. | |||||
| CVE-2018-6485 | 4 Gnu, Netapp, Oracle and 1 more | 15 Glibc, Cloud Backup, Data Ontap Edge and 12 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | |||||
| CVE-2018-20230 | 1 Gnu | 1 Pspp | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-12886 | 1 Gnu | 1 Gcc | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. | |||||
| CVE-2019-5953 | 1 Gnu | 1 Wget | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. | |||||
| CVE-2019-20012 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec. | |||||
| CVE-2019-7309 | 1 Gnu | 1 Glibc | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. | |||||
| CVE-2018-14346 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). | |||||
| CVE-2017-5618 | 1 Gnu | 1 Screen | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. | |||||
| CVE-2019-20009 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec. | |||||