Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-27 | CVE-2019-20433 | Out-of-bounds Read vulnerability in GNU Aspell libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. | 9.1 |
| 2020-01-24 | CVE-2015-4042 | Integer Overflow or Wraparound vulnerability in GNU Coreutils Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. | 9.8 |
| 2020-01-24 | CVE-2015-4041 | Out-of-bounds Write vulnerability in GNU Coreutils 8.23 The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. | 7.8 |
| 2020-01-24 | CVE-2019-3697 | Link Following vulnerability in multiple products UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. | 7.8 |
| 2020-01-08 | CVE-2020-6615 | NULL Pointer Dereference vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). | 6.5 |
| 2020-01-08 | CVE-2020-6614 | Out-of-bounds Read vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. | 8.1 |
| 2020-01-08 | CVE-2020-6613 | Out-of-bounds Read vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. | 8.1 |
| 2020-01-08 | CVE-2020-6612 | Out-of-bounds Read vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. | 8.1 |
| 2020-01-08 | CVE-2020-6611 | NULL Pointer Dereference vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. | 6.5 |
| 2020-01-08 | CVE-2020-6610 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. | 6.5 |