Vulnerabilities > GNU > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-27 | CVE-2019-20010 | Use After Free vulnerability in multiple products. An issue was discovered in GNU LibreDWG 0.92. | 8.8 |
2019-11-28 | CVE-2019-18276 | Improper Check for Dropped Privileges vulnerability in multiple products. An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. | 7.8 |
2019-11-25 | CVE-2015-1396 | Path Traversal vulnerability in multiple products. A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. | 7.5 |
2019-11-20 | CVE-2019-16200 | Incorrect Conversion between Numeric Types vulnerability in GNU Serveez 0.2.2. GNU Serveez through 0.2.2 has an Information Leak. | 7.5 |
2019-11-13 | CVE-2019-18397 | Classic Buffer Overflow vulnerability in multiple products. A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. | 7.8 |
2019-11-11 | CVE-2019-18862 | Unspecified vulnerability in GNU Mailutils 0.5/0.6. maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | 7.8 |
2019-10-23 | CVE-2002-2439 | Integer Overflow or Wraparound vulnerability in GNU GCC. Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. | 7.8 |
2019-10-22 | CVE-2019-12290 | Improper Input Validation vulnerability in GNU Libidn2. GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. | 7.5 |
2019-10-17 | CVE-2019-18192 | Incorrect Permission Assignment for Critical Resource vulnerability in GNU Guix 1.0.1. GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. | 7.8 |
2019-09-02 | CVE-2019-15847 | Insufficient Entropy vulnerability in multiple products. The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. | 7.5 |