Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-24 | CVE-2015-4041 | Out-of-bounds Write vulnerability in GNU Coreutils 8.23 The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. | 4.6 |
| 2020-01-24 | CVE-2019-3697 | Link Following vulnerability in multiple products UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. | 7.2 |
| 2020-01-08 | CVE-2020-6615 | NULL Pointer Dereference vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). | 4.3 |
| 2020-01-08 | CVE-2020-6614 | Out-of-bounds Read vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. | 5.8 |
| 2020-01-08 | CVE-2020-6613 | Out-of-bounds Read vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. | 5.8 |
| 2020-01-08 | CVE-2020-6612 | Out-of-bounds Read vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. | 5.8 |
| 2020-01-08 | CVE-2020-6611 | NULL Pointer Dereference vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. | 4.3 |
| 2020-01-08 | CVE-2020-6610 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. | 4.3 |
| 2020-01-08 | CVE-2020-6609 | Out-of-bounds Read vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. | 6.8 |
| 2020-01-07 | CVE-2019-14866 | In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. | 7.3 |