CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

GNU : Security Vulnerabilities Published In 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1010204 20 DoS 2019-07-23 2019-08-22
4.3
None Remote Medium Not required None None Partial
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.
2 CVE-2019-1010180 119 Exec Code Overflow 2019-07-24 2020-11-23
6.8
None Remote Medium Not required Partial Partial Partial
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.
3 CVE-2019-1010025 330 Bypass 2019-07-15 2020-11-16
5.0
None Remote Low Not required Partial None None
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
4 CVE-2019-1010024 200 Bypass +Info 2019-07-15 2020-11-16
5.0
None Remote Low Not required Partial None None
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
5 CVE-2019-1010023 Exec Code 2019-07-15 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
6 CVE-2019-1010022 119 Overflow Bypass 2019-07-15 2021-06-10
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
7 CVE-2019-20015 770 2019-12-27 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.
8 CVE-2019-20014 415 2019-12-27 2020-05-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.
9 CVE-2019-20013 770 2019-12-27 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.
10 CVE-2019-20012 770 2019-12-27 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.
11 CVE-2019-20011 125 2019-12-27 2020-05-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
12 CVE-2019-20010 416 2019-12-27 2020-05-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
13 CVE-2019-20009 770 2019-12-27 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.
14 CVE-2019-19126 200 Bypass +Info 2019-11-19 2020-07-09
2.1
None Local Low Not required Partial None None
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
15 CVE-2019-18862 2019-11-11 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
16 CVE-2019-18397 120 DoS Exec Code Overflow 2019-11-13 2019-12-18
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.
17 CVE-2019-18276 273 Exec Code +Priv 2019-11-28 2021-05-26
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.
18 CVE-2019-18224 787 Overflow 2019-10-21 2019-10-29
7.5
None Remote Low Not required Partial Partial Partial
idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.
19 CVE-2019-18192 732 2019-10-17 2019-10-22
4.6
None Local Low Not required Partial Partial Partial
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.
20 CVE-2019-17595 125 2019-10-14 2021-02-08
5.8
None Remote Medium Not required Partial None Partial
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
21 CVE-2019-17594 125 2019-10-14 2021-02-10
4.6
None Local Low Not required Partial Partial Partial
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
22 CVE-2019-17544 125 2019-10-14 2019-10-19
6.4
None Remote Low Not required Partial None Partial
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.
23 CVE-2019-17451 190 Overflow 2019-10-10 2020-11-02
4.3
None Remote Medium Not required None None Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
24 CVE-2019-17450 674 DoS 2019-10-10 2020-11-02
4.3
None Remote Medium Not required None None Partial
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
25 CVE-2019-16200 681 +Info 2019-11-20 2020-08-24
5.0
None Remote Low Not required Partial None None
GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read.
26 CVE-2019-16166 125 2019-09-09 2019-09-10
4.3
None Remote Medium Not required None None Partial
GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.
27 CVE-2019-16165 416 2019-09-09 2019-09-10
4.3
None Remote Medium Not required None None Partial
GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.
28 CVE-2019-15847 331 2019-09-02 2020-09-17
5.0
None Remote Low Not required Partial None None
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
29 CVE-2019-15767 787 Overflow 2019-08-29 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
30 CVE-2019-15531 125 2019-08-23 2019-08-31
4.3
None Remote Medium Not required None None Partial
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
31 CVE-2019-14444 190 Overflow 2019-07-30 2020-11-02
4.3
None Remote Medium Not required None None Partial
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
32 CVE-2019-14250 787 Overflow 2019-07-24 2020-11-02
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
33 CVE-2019-13638 78 2019-07-26 2019-08-16
9.3
None Remote Medium Not required Complete Complete Complete
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
34 CVE-2019-13636 59 2019-07-17 2019-07-24
5.8
None Remote Medium Not required None Partial Partial
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
35 CVE-2019-12972 125 2019-06-26 2020-11-02
4.3
None Remote Medium Not required None None Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
36 CVE-2019-12290 20 2019-10-22 2019-10-29
5.0
None Remote Low Not required None Partial None
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
37 CVE-2019-11640 787 Overflow 2019-05-01 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.
38 CVE-2019-11639 787 Overflow 2019-05-01 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.
39 CVE-2019-11638 125 2019-05-01 2019-05-01
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.
40 CVE-2019-11637 125 2019-05-01 2019-05-01
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.
41 CVE-2019-9924 20 Exec Code 2019-03-22 2019-04-11
7.2
None Local Low Not required Complete Complete Complete
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
42 CVE-2019-9923 476 2019-03-22 2019-04-24
5.0
None Remote Low Not required None None Partial
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
43 CVE-2019-9779 476 2019-03-14 2019-03-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).
44 CVE-2019-9778 125 2019-03-14 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.
45 CVE-2019-9777 125 2019-03-14 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.
46 CVE-2019-9776 476 2019-03-14 2019-03-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).
47 CVE-2019-9775 125 2019-03-14 2019-03-21
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.
48 CVE-2019-9774 125 2019-03-14 2019-03-21
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
49 CVE-2019-9773 787 Overflow 2019-03-14 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.
50 CVE-2019-9772 476 2019-03-14 2019-03-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.
Total number of vulnerabilities : 93   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.