Vulnerabilities > GNU > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2015-0294 Improper Certificate Validation vulnerability in multiple products
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
network
low complexity
gnu debian redhat CWE-295
7.5
2020-01-24 CVE-2015-4041 Out-of-bounds Write vulnerability in GNU Coreutils 8.23
The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.
local
low complexity
gnu CWE-787
7.8
2020-01-24 CVE-2019-3697 UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root.
local
low complexity
opensuse gnu
7.8
2020-01-08 CVE-2020-6614 Out-of-bounds Read vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
network
low complexity
gnu opensuse CWE-125
8.1
2020-01-08 CVE-2020-6613 Out-of-bounds Read vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
network
low complexity
gnu opensuse CWE-125
8.1
2020-01-08 CVE-2020-6612 Out-of-bounds Read vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
network
low complexity
gnu opensuse CWE-125
8.1
2020-01-08 CVE-2020-6609 Out-of-bounds Read vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
network
low complexity
gnu opensuse CWE-125
8.8
2020-01-07 CVE-2019-14866 In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives.
local
low complexity
gnu redhat
7.3
2019-12-27 CVE-2019-20014 Double Free vulnerability in multiple products
An issue was discovered in GNU LibreDWG before 0.93.
network
low complexity
gnu opensuse CWE-415
8.8
2019-12-27 CVE-2019-20011 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in GNU LibreDWG 0.92.
network
low complexity
gnu opensuse CWE-125
8.8