Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-1000876 | Integer Overflow or Wraparound vulnerability in multiple products binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. | 7.8 |
| 2018-12-19 | CVE-2018-20230 | Out-of-bounds Write vulnerability in GNU Pspp 1.2.0 An issue was discovered in PSPP 1.2.0. | 7.8 |
| 2018-12-10 | CVE-2018-20002 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. | 5.5 |
| 2018-12-07 | CVE-2018-19932 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. | 5.5 |
| 2018-12-07 | CVE-2018-19931 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. | 7.8 |
| 2018-12-04 | CVE-2018-19591 | Improper Input Validation vulnerability in multiple products In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. | 7.5 |
| 2018-12-03 | CVE-2018-16868 | Information Exposure Through Discrepancy vulnerability in GNU Gnutls A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. | 5.6 |
| 2018-11-12 | CVE-2018-19217 | NULL Pointer Dereference vulnerability in GNU Ncurses 6.1 In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. | 6.5 |
| 2018-11-12 | CVE-2018-19211 | NULL Pointer Dereference vulnerability in GNU Ncurses 6.1 In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. | 5.5 |
| 2018-10-29 | CVE-2018-18751 | Double Free vulnerability in multiple products An issue was discovered in GNU gettext 0.19.8. | 9.8 |