CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2CVE-2019-20010
https://notcve.org/view.php?id=CVE-2019-20010
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. Se detectó un problema en GNU LibreDWG versión 0.92. Se presenta un uso de la memoria previamente liberada en la función resolve_objectref_vector en el archivo decode.c. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html https://github.com/LibreDWG/libredwg/issues/176 https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643383 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14865 – grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable
https://notcve.org/view.php?id=CVE-2019-14865
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots. Se encontró un fallo en la utilidad grub2-set-bootflag de grub2. Un atacante local podría ejecutar esta utilidad bajo la presión de recursos (por ejemplo, configurando RLIMIT), causando que archivos de configuración de grub2 sean truncados y dejando el sistema no reiniciable en los reinicios posteriores. A flaw was found in the grub2-set-bootflag utility of grub2. • http://www.openwall.com/lists/oss-security/2024/02/06/3 https://access.redhat.com/errata/RHSA-2020:0335 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865 https://seclists.org/oss-sec/2019/q4/101 https://access.redhat.com/security/cve/CVE-2019-14865 https://bugzilla.redhat.com/show_bug.cgi?id=1764925 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 4CVE-2019-18276 – bash: when effective UID is not equal to its real UID the saved UID is not dropped
https://notcve.org/view.php?id=CVE-2019-18276
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. • https://github.com/M-ensimag/CVE-2019-18276 https://github.com/SABI-Ensimag/CVE-2019-18276 http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://security.gentoo.org/glsa/202105-34 https://security.netapp.com/advisory/ntap-20200430-0003 https://www.oracle.com/security-alerts/cp • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16200
https://notcve.org/view.php?id=CVE-2019-16200
GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. GNU Serveez versiones hasta 0.2.2, tiene un Filtrado de Información. • https://github.com/agadient/SERVEEZ-CVE • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0824
https://notcve.org/view.php?id=CVE-2012-0824
gnusound 0.7.5 has format string issue gnusound versión 0.7.5, presenta un problema de cadena de formato. • http://www.openwall.com/lists/oss-security/2012/01/31/3 https://access.redhat.com/security/cve/cve-2012-0824 https://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0824.html https://security-tracker.debian.org/tracker/CVE-2012-0824 • CWE-134: Use of Externally-Controlled Format String •