Vulnerabilities > GNU > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-18 | CVE-2012-6711 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. | 7.8 |
| 2019-05-22 | CVE-2018-12886 | Information Exposure Through an Error Message vulnerability in GNU GCC stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. | 8.1 |
| 2019-05-01 | CVE-2019-11640 | Out-of-bounds Write vulnerability in GNU Recutils 1.8 An issue was discovered in GNU recutils 1.8. | 8.8 |
| 2019-05-01 | CVE-2019-11639 | Out-of-bounds Write vulnerability in GNU Recutils 1.8 An issue was discovered in GNU recutils 1.8. | 8.8 |
| 2019-04-01 | CVE-2019-3836 | Access of Uninitialized Pointer vulnerability in multiple products It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. | 7.5 |
| 2019-03-27 | CVE-2019-3829 | Use After Free vulnerability in multiple products A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. | 7.5 |
| 2019-03-22 | CVE-2019-9924 | Missing Authorization vulnerability in multiple products rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | 7.8 |
| 2019-03-22 | CVE-2019-9923 | NULL Pointer Dereference vulnerability in multiple products pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. | 7.5 |
| 2019-03-14 | CVE-2019-9779 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. | 7.5 |
| 2019-03-14 | CVE-2019-9778 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. | 7.5 |