CVSS: 9.8EPSS: 9%CPEs: 30EXPL: 0CVE-2019-5482 – curl: heap buffer overflow in function tftp_receive_packet()
https://notcve.org/view.php?id=CVE-2019-5482
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Un desbordamiento del búfer de la pila en el manejador de protocolo TFTP en cURL versiones 7.19.4 hasta 7.65.3. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html https://curl.haxx.se/docs/CVE-2019-5482.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 0CVE-2019-5481 – curl: double free due to subsequent call of realloc()
https://notcve.org/view.php?id=CVE-2019-5481
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Vulnerabilidad de doble liberación en el código FTP-kerberos en cURL versiones 7.52.0 hasta 7.65.3. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html https://curl.haxx.se/docs/CVE-2019-5481.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2019-16163 – oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
https://notcve.org/view.php?id=CVE-2019-16163
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Oniguruma versiones anteriores a 6.9.3, permite un Agotamiento de la Pila en el archivo regcomp.c debido a la recursión en el archivo regparse.c. • https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180 https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3 https://github.com/kkos/oniguruma/issues/147 https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y https://usn.ubuntu.c • CWE-121: Stack-based Buffer Overflow CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-16159
https://notcve.org/view.php?id=CVE-2019-16159
BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. BIRD Internet Routing Daemon versiones 1.6.x hasta 1.6.7 y versiones 2.x hasta 2.0.5, presenta un desbordamiento de búfer en la región stack de la memoria. El soporte del demonio BGP para los mensajes de comunicación de apagado administrativo RFC 8203 incluía una expresión lógica incorrecta cuando se comprueba la validez de un mensaje de entrada. • http://bird.network.cz http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00065.html http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html http://trubka.network.cz/pipermail/bird-users/2019-September/013720.html http://trubka.network.cz/pipermail/bird-users/2019-September/013722.html https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b https://gitlab.labs.nic.cz/l • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2019-9854 – Unsafe URL assembly flaw in allowed script location check
https://notcve.org/view.php?id=CVE-2019-9854
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html https://bugzilla.redhat.com/show_bug.cgi?id=1769907 https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQKKOIY2DMZCXJINOLIQXD2NWISDKK3N https://seclists.org/bugtraq/2019/Sep/17 https://usn.ubuntu.com/4138-1 https://www.debian.org/security/201 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control •