Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2020-01-24 CVE-2015-4041 Out-of-bounds Write vulnerability in GNU Coreutils 8.23
The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.
local
low complexity
gnu CWE-787
7.8
7.8
2020-01-24 CVE-2019-3697 UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root.
local
low complexity
opensuse gnu
7.8
7.8
2020-01-08 CVE-2020-6615 NULL Pointer Dereference vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
network
low complexity
gnu opensuse CWE-476
6.5
6.5
2020-01-08 CVE-2020-6614 Out-of-bounds Read vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
network
low complexity
gnu opensuse CWE-125
8.1
8.1
2020-01-08 CVE-2020-6613 Out-of-bounds Read vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
network
low complexity
gnu opensuse CWE-125
8.1
8.1
2020-01-08 CVE-2020-6612 Out-of-bounds Read vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
network
low complexity
gnu opensuse CWE-125
8.1
8.1
2020-01-08 CVE-2020-6611 NULL Pointer Dereference vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
network
low complexity
gnu opensuse CWE-476
6.5
6.5
2020-01-08 CVE-2020-6610 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
network
low complexity
gnu opensuse CWE-770
6.5
6.5
2020-01-08 CVE-2020-6609 Out-of-bounds Read vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
network
low complexity
gnu opensuse CWE-125
8.8
8.8
2020-01-07 CVE-2019-14866 In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives.
local
low complexity
gnu redhat
7.3
7.3