CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2002-2439
https://notcve.org/view.php?id=CVE-2002-2439
23 Oct 2019 — Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. Un desbordamiento de enteros en el operador new[] en gcc versiones anteriores a 4.8.0, permite a atacantes tener impactos no especificados. • https://access.redhat.com/security/cve/cve-2002-2439 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12290 – Ubuntu Security Notice USN-4168-1
https://notcve.org/view.php?id=CVE-2019-12290
22 Oct 2019 — GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated. GNU libidn2 versiones anteriore... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18224 – Ubuntu Security Notice USN-4168-1
https://notcve.org/view.php?id=CVE-2019-18224
21 Oct 2019 — idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. La función idn2_to_ascii_4i en la biblioteca lib/lookup.c en GNU libidn2 versiones anteriores a 2.1.1, presenta un desbordamiento del búfer en la región heap de la memoria por medio de una cadena de dominio larga. A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could re... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18192
https://notcve.org/view.php?id=CVE-2019-18192
17 Oct 2019 — GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. GNU Guix versión 1.0.1, permite a los usuarios locales conseguir acceso a la cuenta de un usuario arbitrario porque el directorio principal de los directorios de perfil de usuario son escribibles por todo el mundo, un problema similar a CVE-2019-17365. • http://www.openwall.com/lists/oss-security/2019/10/17/3 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-17594 – ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
https://notcve.org/view.php?id=CVE-2019-17594
14 Oct 2019 — There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función _nc_find_entry en tinfo/comp_hash.c la biblioteca terminfo en ncurses en versiones anteriores a la 6.1-20191012. Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges tha... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-17595 – ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
https://notcve.org/view.php?id=CVE-2019-17595
14 Oct 2019 — There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función fmt_entry en tinfo/comp_hash.c en la biblioteca terminfo en ncurses en versiones anteriores a la 6.1-20191012. Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that admin... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 1%CPEs: 6EXPL: 0CVE-2019-17544 – Debian Security Advisory 4948-1
https://notcve.org/view.php?id=CVE-2019-17544
14 Oct 2019 — libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. La biblioteca libaspell.a en GNU Aspell versiones anteriores a 0.60.8, presenta una lectura excesiva del búfer en la región stack de la memoria en la función acommon::unescape en el archivo common/getdata.cpp por medio de un carácter \ aislado. USN-4155-1 fixed a vulnerability in Aspell. This update provides the corresponding update for Ubuntu 19.10. It was disco... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 1CVE-2019-17450 – binutils: denial of service via crafted ELF file
https://notcve.org/view.php?id=CVE-2019-17450
10 Oct 2019 — find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. La función find_abstract_instance en el archivo dwarf2.c en la biblioteca Binary File Descriptor (BFD) (también se conoce como libbfd), distribuida en GNU Binutils versión 2.32, permite a atacantes remotos causar una denegación de servicio (recursión infinita y ... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html • CWE-121: Stack-based Buffer Overflow CWE-674: Uncontrolled Recursion •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-17451 – binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c
https://notcve.org/view.php?id=CVE-2019-17451
10 Oct 2019 — An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. Se detectó un problema en la biblioteca Binary File Descriptor (BFD) (también se conoce como libbfd), distribuida en GNU Binutils versión 2.32. Es un desbordamiento de enteros conllevando a un SEGV en la función _bfd_dwarf2_find_nearest_line en el archivo dwarf2.c, como es demost... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16165
https://notcve.org/view.php?id=CVE-2019-16165
09 Sep 2019 — GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. GNU cflow versiones hasta 1.6, presenta un uso de la memoria previamente liberada de la función reference en el archivo parser.c. • https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html • CWE-416: Use After Free •