Vulnerabilities > GNU > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-10-23 | CVE-2002-2439 | Integer Overflow or Wraparound vulnerability in GNU GCC | Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. | local | low | gnu | CWE-190 | 7.8 |
| 2019-10-22 | CVE-2019-12290 | Improper Input Validation vulnerability in GNU Libidn2 | GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. | network | low | gnu | CWE-20 | 7.5 |
| 2019-10-17 | CVE-2019-18192 | Incorrect Permission Assignment for Critical Resource vulnerability in GNU Guix 1.0.1 | GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. | local | low | gnu | CWE-732 | 7.8 |
| 2019-09-02 | CVE-2019-15847 | Insufficient Entropy vulnerability in multiple products | The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. | network | low | gnu, opensuse | CWE-331 | 7.5 |
| 2019-08-29 | CVE-2019-15767 | Out-of-bounds Write vulnerability in GNU Chess 6.2.5 | In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. | local | low | gnu | CWE-787 | 7.8 |
| 2019-08-16 | CVE-2018-20969 | OS Command Injection vulnerability in GNU Patch | do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. | local | low | gnu | CWE-78 | 7.8 |
| 2019-08-14 | CVE-2014-10375 | Numeric Errors vulnerability in GNU Exosip 3.5.0/4.0.0/4.1.0 | handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. | network | low | gnu | CWE-189 | 7.5 |
| 2019-07-26 | CVE-2019-13638 | OS Command Injection vulnerability in multiple products | GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. | local | low | gnu, debian | CWE-78 | 7.8 |
| 2019-07-24 | CVE-2019-1010180 | Out-of-bounds Read vulnerability in multiple products | GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. | local | low | gnu, opensuse | CWE-125 | 7.8 |
| 2019-07-15 | CVE-2019-1010023 | Unspecified vulnerability in GNU Glibc | GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. | network | low | gnu | | 8.8 |