Page 61 of 1071 results (0.013 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2002-2439

https://notcve.org/view.php?id=CVE-2002-2439

Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. Un desbordamiento de enteros en el operador new[] en gcc versiones anteriores a 4.8.0, permite a atacantes tener impactos no especificados. • https://access.redhat.com/security/cve/cve-2002-2439 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351 https://security-tracker.debian.org/tracker/CVE-2002-2439 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-12290

https://notcve.org/view.php?id=CVE-2019-12290

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated. GNU libidn2 versiones anteriores a 2.2.0, no puede realizar las comprobaciones de ida y vuelta especificadas en RFC3490 Sección 4.2, cuando se convierte etiquetas A en etiquetas U. Esto hace posible en algunas circunstancias que un dominio se haga pasar por otro. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5 https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de https://gitlab.com/libidn/libidn2/merge_requests/71 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFT76Y7OSGPZV3EBEHD6ISVUM3DLARM https://lists.fedoraproject.org/archives/list/package • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

CVE-2019-18224

https://notcve.org/view.php?id=CVE-2019-18224

idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. La función idn2_to_ascii_4i en la biblioteca lib/lookup.c en GNU libidn2 versiones anteriores a 2.1.1, presenta un desbordamiento del búfer en la región heap de la memoria por medio de una cadena de dominio larga. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420 https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ https://lists.fedoraproject&# • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-18192

https://notcve.org/view.php?id=CVE-2019-18192

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. GNU Guix versión 1.0.1, permite a los usuarios locales conseguir acceso a la cuenta de un usuario arbitrario porque el directorio principal de los directorios de perfil de usuario son escribibles por todo el mundo, un problema similar a CVE-2019-17365. • http://www.openwall.com/lists/oss-security/2019/10/17/3 https://issues.guix.gnu.org/issue/37744 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1

CVE-2019-17594 – ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c

https://notcve.org/view.php?id=CVE-2019-17594

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función _nc_find_entry en tinfo/comp_hash.c la biblioteca terminfo en ncurses en versiones anteriores a la 6.1-20191012. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html https://security.gentoo.org/glsa/202101-28 https://access.redhat.com/security/cve/CVE-2019-17594 https://bugzilla.redhat.com/show_bug.cgi?id=1766745 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •