Vulnerabilities > GNU > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-02-24 CVE-2019-9076 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp CWE-770
5.5
5.5
2019-02-24 CVE-2019-9074 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp canonical CWE-125
5.5
5.5
2019-02-24 CVE-2019-9073 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp canonical CWE-770
5.5
5.5
2019-02-24 CVE-2019-9072 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp CWE-770
5.5
5.5
2019-02-24 CVE-2019-9071 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp canonical CWE-674
5.5
5.5
2019-02-03 CVE-2019-7309 Unspecified vulnerability in GNU Glibc
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
local
low complexity
gnu
5.5
5.5
2019-01-21 CVE-2016-10739 Improper Input Validation vulnerability in multiple products
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.
local
low complexity
gnu opensuse CWE-20
5.3
5.3
2019-01-16 CVE-2019-6460 NULL Pointer Dereference vulnerability in GNU Recutils 1.8
An issue was discovered in GNU Recutils 1.8.
network
low complexity
gnu CWE-476
6.5
6.5
2019-01-16 CVE-2019-6459 Memory Leak vulnerability in GNU Recutils 1.8
An issue was discovered in GNU Recutils 1.8.
network
low complexity
gnu CWE-401
6.5
6.5
2019-01-16 CVE-2019-6458 Memory Leak vulnerability in GNU Recutils 1.8
An issue was discovered in GNU Recutils 1.8.
network
low complexity
gnu CWE-401
6.5
6.5