Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-21 | CVE-2019-18224 | Out-of-bounds Write vulnerability in GNU Libidn2 idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. | 9.8 |
| 2019-10-17 | CVE-2019-18192 | Incorrect Permission Assignment for Critical Resource vulnerability in GNU Guix 1.0.1 GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. | 7.8 |
| 2019-10-14 | CVE-2019-17595 | Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | 5.4 |
| 2019-10-14 | CVE-2019-17594 | Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | 5.3 |
| 2019-10-14 | CVE-2019-17544 | Out-of-bounds Read vulnerability in multiple products libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | 9.1 |
| 2019-10-10 | CVE-2019-17451 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. | 6.5 |
| 2019-10-10 | CVE-2019-17450 | Uncontrolled Recursion vulnerability in multiple products find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | 6.5 |
| 2019-09-09 | CVE-2019-16166 | Out-of-bounds Read vulnerability in GNU Cflow 1.5/1.6 GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. | 6.5 |
| 2019-09-09 | CVE-2019-16165 | Use After Free vulnerability in GNU Cflow 1.5/1.6 GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. | 6.5 |
| 2019-09-02 | CVE-2019-15847 | Insufficient Entropy vulnerability in multiple products The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. | 7.5 |