Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2019-10-14 CVE-2019-17595 Out-of-bounds Read vulnerability in multiple products
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
network
low complexity
gnu opensuse CWE-125
5.4
5.4
2019-10-14 CVE-2019-17594 Out-of-bounds Read vulnerability in multiple products
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
local
low complexity
gnu opensuse CWE-125
5.3
5.3
2019-10-14 CVE-2019-17544 Out-of-bounds Read vulnerability in multiple products
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.
network
low complexity
gnu canonical CWE-125
critical
 9.1
9.1
2019-10-10 CVE-2019-17451 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
network
low complexity
gnu opensuse canonical CWE-190
6.5
6.5
2019-10-10 CVE-2019-17450 Uncontrolled Recursion vulnerability in multiple products
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
network
low complexity
gnu opensuse canonical CWE-674
6.5
6.5
2019-09-09 CVE-2019-16166 Out-of-bounds Read vulnerability in GNU Cflow 1.5/1.6
GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.
network
low complexity
gnu CWE-125
6.5
6.5
2019-09-09 CVE-2019-16165 Use After Free vulnerability in GNU Cflow 1.5/1.6
GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.
network
low complexity
gnu CWE-416
6.5
6.5
2019-09-02 CVE-2019-15847 Insufficient Entropy vulnerability in multiple products
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator.
network
low complexity
gnu opensuse CWE-331
7.5
7.5
2019-08-29 CVE-2019-15767 Out-of-bounds Write vulnerability in GNU Chess 6.2.5
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
local
low complexity
gnu CWE-787
7.8
7.8
2019-08-23 CVE-2019-15531 Out-of-bounds Read vulnerability in multiple products
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
network
low complexity
gnu debian fedoraproject CWE-125
6.5
6.5