Vulnerabilities > GNU > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-07 CVE-2018-19932 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31.
local
low complexity
gnu netapp CWE-190
5.5
2018-12-03 CVE-2018-16868 Information Exposure Through Discrepancy vulnerability in GNU Gnutls
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data.
high complexity
gnu CWE-203
5.6
2018-11-12 CVE-2018-19217 NULL Pointer Dereference vulnerability in GNU Ncurses 6.1
In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack.
network
low complexity
gnu CWE-476
6.5
2018-11-12 CVE-2018-19211 NULL Pointer Dereference vulnerability in GNU Ncurses 6.1
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack.
local
low complexity
gnu CWE-476
5.5
2018-10-29 CVE-2018-18701 Infinite Loop vulnerability in GNU Binutils 2.31
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.
local
low complexity
gnu CWE-835
5.5
2018-10-29 CVE-2018-18700 Infinite Loop vulnerability in GNU Binutils 2.31
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.
local
low complexity
gnu CWE-835
5.5
2018-10-23 CVE-2018-18607 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.
local
low complexity
gnu debian netapp CWE-476
5.5
2018-10-23 CVE-2018-18606 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.
local
low complexity
gnu debian netapp CWE-476
5.5
2018-10-23 CVE-2018-18605 Out-of-bounds Read vulnerability in multiple products
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize.
local
low complexity
gnu debian netapp CWE-125
5.5
2018-10-18 CVE-2018-18484 Uncontrolled Recursion vulnerability in GNU Binutils 2.31
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.
local
low complexity
gnu CWE-674
5.5