# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-33024 |
617 |
|
|
2022-06-23 |
2022-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. |
2 |
CVE-2022-29458 |
125 |
|
|
2022-04-18 |
2022-11-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. |
3 |
CVE-2021-43396 |
|
|
|
2021-11-04 |
2022-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug." |
4 |
CVE-2021-38604 |
476 |
|
|
2021-08-12 |
2022-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. |
5 |
CVE-2021-31879 |
601 |
|
|
2021-04-29 |
2022-05-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. |
6 |
CVE-2021-28236 |
476 |
|
|
2021-12-02 |
2021-12-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. |
7 |
CVE-2021-3549 |
787 |
|
Mem. Corr. |
2021-05-26 |
2022-10-07 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. |
8 |
CVE-2021-3530 |
674 |
|
|
2021-06-02 |
2022-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. |
9 |
CVE-2021-3326 |
617 |
|
DoS |
2021-01-27 |
2022-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. |
10 |
CVE-2020-35494 |
908 |
|
|
2021-01-04 |
2022-09-02 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. |
11 |
CVE-2020-29573 |
787 |
|
Overflow |
2020-12-06 |
2021-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference. |
12 |
CVE-2020-24659 |
787 |
|
|
2020-09-04 |
2020-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. |
13 |
CVE-2020-18395 |
476 |
|
DoS |
2021-05-28 |
2021-06-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs. |
14 |
CVE-2020-13777 |
327 |
|
Bypass |
2020-06-04 |
2020-06-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. |
15 |
CVE-2020-11501 |
327 |
|
|
2020-04-03 |
2021-07-21 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. |
16 |
CVE-2020-6614 |
125 |
|
|
2020-01-08 |
2022-09-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. |
17 |
CVE-2020-6613 |
125 |
|
|
2020-01-08 |
2022-09-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. |
18 |
CVE-2020-6612 |
125 |
|
|
2020-01-08 |
2022-09-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. |
19 |
CVE-2020-1751 |
787 |
|
DoS Exec Code |
2020-04-17 |
2023-01-27 |
5.9 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Complete |
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. |
20 |
CVE-2019-1010025 |
330 |
|
Bypass |
2019-07-15 |
2020-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability." |
21 |
CVE-2019-1010024 |
200 |
|
Bypass +Info |
2019-07-15 |
2020-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." |
22 |
CVE-2019-20915 |
125 |
|
|
2020-07-16 |
2020-07-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c. |
23 |
CVE-2019-20913 |
125 |
|
|
2020-07-16 |
2020-07-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec. |
24 |
CVE-2019-20910 |
125 |
|
|
2020-07-16 |
2020-07-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011. |
25 |
CVE-2019-20909 |
476 |
|
|
2020-07-16 |
2020-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec. |
26 |
CVE-2019-17595 |
125 |
|
|
2019-10-14 |
2021-02-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
27 |
CVE-2019-16200 |
681 |
|
+Info |
2019-11-20 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. |
28 |
CVE-2019-15847 |
331 |
|
|
2019-09-02 |
2020-09-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. |
29 |
CVE-2019-13636 |
59 |
|
|
2019-07-17 |
2019-07-24 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. |
30 |
CVE-2019-12290 |
20 |
|
|
2019-10-22 |
2019-10-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated. |
31 |
CVE-2019-9923 |
476 |
|
|
2019-03-22 |
2021-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. |
32 |
CVE-2019-9779 |
476 |
|
|
2019-03-14 |
2022-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776). |
33 |
CVE-2019-9778 |
125 |
|
|
2019-03-14 |
2022-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec. |
34 |
CVE-2019-9777 |
125 |
|
|
2019-03-14 |
2022-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec. |
35 |
CVE-2019-9776 |
476 |
|
|
2019-03-14 |
2022-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779). |
36 |
CVE-2019-9773 |
787 |
|
Overflow |
2019-03-14 |
2022-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension. |
37 |
CVE-2019-9772 |
476 |
|
|
2019-03-14 |
2022-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec. |
38 |
CVE-2019-9771 |
476 |
|
|
2019-03-14 |
2022-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c. |
39 |
CVE-2019-9770 |
787 |
|
Overflow |
2019-03-14 |
2022-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension. |
40 |
CVE-2019-9192 |
674 |
|
|
2019-02-26 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern. |
41 |
CVE-2019-3836 |
824 |
|
|
2019-04-01 |
2019-05-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. |
42 |
CVE-2019-3829 |
415 |
|
Mem. Corr. |
2019-03-27 |
2019-05-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. |
43 |
CVE-2018-20796 |
674 |
|
|
2019-02-26 |
2019-11-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. |
44 |
CVE-2018-20657 |
772 |
|
DoS |
2019-01-02 |
2019-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. |
45 |
CVE-2018-19591 |
20 |
|
|
2018-12-04 |
2020-07-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. |
46 |
CVE-2018-12934 |
770 |
|
|
2018-06-28 |
2020-04-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. |
47 |
CVE-2018-12698 |
|
|
|
2018-06-23 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. |
48 |
CVE-2018-12697 |
476 |
|
|
2018-06-23 |
2019-08-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. |
49 |
CVE-2018-6952 |
415 |
|
|
2018-02-13 |
2019-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. |
50 |
CVE-2018-6951 |
476 |
|
DoS |
2018-02-13 |
2019-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. |