Vulnerabilities > GNU

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-11-29 | CVE-2019-14865 | Privilege Defined With Unsafe Actions vulnerability in GNU Grub2 | A flaw was found in the grub2-set-bootflag utility of grub2. | local | low complexity | gnu | CWE-267 | 5.5 |
| 2019-11-28 | CVE-2019-18276 | Improper Check for Dropped Privileges vulnerability in multiple products | An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. | local | low complexity | gnu netapp oracle | CWE-273 | 7.8 |
| 2019-11-25 | CVE-2015-1396 | Path Traversal vulnerability in multiple products | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. | network | low complexity | gnu debian | CWE-22 | 7.5 |
| 2019-11-20 | CVE-2019-16200 | Incorrect Conversion between Numeric Types vulnerability in GNU Serveez 0.2.2 | GNU Serveez through 0.2.2 has an Information Leak. | network | low complexity | gnu | CWE-681 | 7.5 |
| 2019-11-19 | CVE-2019-19126 | Improper Initialization vulnerability in multiple products | On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. | local | low complexity | gnu canonical fedoraproject debian | CWE-665 | 3.3 |
| 2019-11-19 | CVE-2012-0824 | Use of Externally-Controlled Format String vulnerability in GNU Gnusound 0.7.5 | gnusound 0.7.5 has format string issue | network | low complexity | gnu | CWE-134 | critical 9.8 |
| 2019-11-13 | CVE-2019-18397 | Classic Buffer Overflow vulnerability in multiple products | A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. | local | low complexity | gnu | CWE-120 | 7.8 |
| 2019-11-11 | CVE-2019-18862 | Unspecified vulnerability in GNU Mailutils 0.5/0.6 | maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | local | low complexity | gnu | | 7.8 |
| 2019-10-23 | CVE-2002-2439 | Integer Overflow or Wraparound vulnerability in GNU GCC | Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. | local | low complexity | gnu | CWE-190 | 7.8 |
| 2019-10-22 | CVE-2019-12290 | Improper Input Validation vulnerability in GNU Libidn2 | GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. | network | low complexity | gnu | CWE-20 | 7.5 |