Vulnerabilities > GNU > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-14 CVE-2019-17595 Out-of-bounds Read vulnerability in multiple products
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
network
low complexity
gnu opensuse CWE-125
5.4
2019-10-14 CVE-2019-17594 Out-of-bounds Read vulnerability in multiple products
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
local
low complexity
gnu opensuse CWE-125
5.3
2019-10-10 CVE-2019-17451 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
network
low complexity
gnu opensuse canonical CWE-190
6.5
2019-10-10 CVE-2019-17450 Uncontrolled Recursion vulnerability in multiple products
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
network
low complexity
gnu opensuse canonical CWE-674
6.5
2019-09-09 CVE-2019-16166 Out-of-bounds Read vulnerability in GNU Cflow 1.5/1.6
GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.
network
low complexity
gnu CWE-125
6.5
2019-09-09 CVE-2019-16165 Use After Free vulnerability in GNU Cflow 1.5/1.6
GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.
network
low complexity
gnu CWE-416
6.5
2019-08-23 CVE-2019-15531 Out-of-bounds Read vulnerability in multiple products
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
network
low complexity
gnu debian fedoraproject CWE-125
6.5
2019-07-30 CVE-2019-14444 Integer Overflow or Wraparound vulnerability in multiple products
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
local
low complexity
gnu opensuse canonical netapp CWE-190
5.5
2019-07-24 CVE-2019-14250 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32.
local
low complexity
gnu canonical opensuse CWE-190
5.5
2019-07-23 CVE-2019-1010204 Incorrect Conversion between Numeric Types vulnerability in multiple products
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read.
local
low complexity
gnu netapp CWE-681
5.5