Vulnerabilities > GNU > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-01-21 CVE-2016-10739 Improper Input Validation vulnerability in multiple products
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.
local
low complexity
gnu opensuse CWE-20
5.3
5.3
2019-01-16 CVE-2019-6460 NULL Pointer Dereference vulnerability in GNU Recutils 1.8
An issue was discovered in GNU Recutils 1.8.
network
low complexity
gnu CWE-476
6.5
6.5
2019-01-16 CVE-2019-6459 Memory Leak vulnerability in GNU Recutils 1.8
An issue was discovered in GNU Recutils 1.8.
network
low complexity
gnu CWE-401
6.5
6.5
2019-01-16 CVE-2019-6458 Memory Leak vulnerability in GNU Recutils 1.8
An issue was discovered in GNU Recutils 1.8.
network
low complexity
gnu CWE-401
6.5
6.5
2019-01-16 CVE-2019-6457 Memory Leak vulnerability in GNU Recutils 1.8
An issue was discovered in GNU Recutils 1.8.
network
low complexity
gnu CWE-401
6.5
6.5
2019-01-16 CVE-2019-6456 NULL Pointer Dereference vulnerability in GNU Recutils 1.8
An issue was discovered in GNU Recutils 1.8.
network
low complexity
gnu CWE-476
6.5
6.5
2019-01-16 CVE-2019-6455 Double Free vulnerability in GNU Recutils 1.8
An issue was discovered in GNU Recutils 1.8.
network
low complexity
gnu CWE-415
6.5
6.5
2019-01-15 CVE-2018-20712 Out-of-bounds Read vulnerability in GNU Binutils 2.31.1
A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1.
network
low complexity
gnu CWE-125
6.5
6.5
2019-01-04 CVE-2018-20673 Integer Overflow or Wraparound vulnerability in GNU Binutils 2.31.1
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.
local
low complexity
gnu CWE-190
5.5
5.5
2019-01-04 CVE-2018-20671 Integer Overflow or Wraparound vulnerability in GNU Binutils
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.
local
low complexity
gnu CWE-190
5.5
5.5