Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-14 | CVE-2019-17544 | Out-of-bounds Read vulnerability in multiple products libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | 9.1 |
| 2019-10-10 | CVE-2019-17451 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. | 6.5 |
| 2019-10-10 | CVE-2019-17450 | Uncontrolled Recursion vulnerability in multiple products find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | 6.5 |
| 2019-09-09 | CVE-2019-16166 | Out-of-bounds Read vulnerability in GNU Cflow 1.5/1.6 GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. | 6.5 |
| 2019-09-09 | CVE-2019-16165 | Use After Free vulnerability in GNU Cflow 1.5/1.6 GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. | 6.5 |
| 2019-09-02 | CVE-2019-15847 | Insufficient Entropy vulnerability in multiple products The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. | 7.5 |
| 2019-08-29 | CVE-2019-15767 | Out-of-bounds Write vulnerability in GNU Chess 6.2.5 In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. | 7.8 |
| 2019-08-23 | CVE-2019-15531 | Out-of-bounds Read vulnerability in multiple products GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | 6.5 |
| 2019-08-16 | CVE-2018-20969 | OS Command Injection vulnerability in GNU Patch do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. | 7.8 |
| 2019-08-14 | CVE-2014-10375 | Numeric Errors vulnerability in GNU Exosip 3.5.0/4.0.0/4.1.0 handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. | 7.5 |