CVE-2019-14496
https://notcve.org/view.php?id=CVE-2019-14496
LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow.
• https://github.com/milkytracker/MilkyTracker/issues/183
• https://lists.debian.org/debian-lts-announce/2019/10/msg00029.html
• https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html
• https://usn.ubuntu.com/4499-1
• CWE-787: Out-of-bounds Write
CVE-2019-14464
https://notcve.org/view.php?id=CVE-2019-14464
XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow.
• https://github.com/milkytracker/MilkyTracker/issues/184
• https://lists.debian.org/debian-lts-announce/2019/10/msg00029.html
• https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXYRVXOPO223DAUJHFQCTKQHIZ6XN35P
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBIIPS2CDMUXJ3CIEPKMEY3D73UZDR3T
• https://usn.ubuntu.com/4499-1
• CWE-787: Out-of-bounds Write
CVE-2019-14452
https://notcve.org/view.php?id=CVE-2019-14452
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
• https://github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4
• https://github.com/Sigil-Ebook/Sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f
• https://github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4
• https://github.com/Sigil-Ebook/Sigil/compare/ea7f27d...5b867e5
• https://github.com/Sigil-Ebook/Sigil/releases/tag/0.9.16
• https://github.com/Sigil-Ebook/flightcrew/issues/52#issuecomment-505967936
• https://github.com/Sigil-Ebook/flightcrew/issues/52#issuecomment-505997355
• https:
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-1020014
https://notcve.org/view.php?id=CVE-2019-1020014
docker-credential-helpers before 0.6.3 has a double free in the List functions.
• https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a
• https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73
• https://usn.ubuntu.com/4103-1
• https://usn.ubuntu.com/4103-2
• CWE-415: Double Free
CVE-2019-13565
https://notcve.org/view.php?id=CVE-2019-13565
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
• http://seclists.org/fulldisclosure/2019/Dec/26
• https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.