CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1010204 – binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service
https://notcve.org/view.php?id=CVE-2019-1010204
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) está afectado por: Validación incorrecta de entrada, comparación firmada / sin firmar, lectura fuera de límites. • https://security.netapp.com/advisory/ntap-20190822-0001 https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2019-1010204 https://bugzilla.redhat.com/show_bug.cgi?id=1735604 • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.9EPSS: 2%CPEs: 1EXPL: 0CVE-2019-13636 – patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files
https://notcve.org/view.php?id=CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. En GNU parche hasta 2.7.6, el seguimiento de los enlaces simbólicos es manejado inapropiadamente en determinados casos diferentes a los archivos de entrada. Esto afecta a los archivos inp.c y util.c. GNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a https://github.com/irsl/gnu-patch-vulnerabilities https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT https://seclists.org/bugtraq/2019/Aug/29 https://seclists.org/bugtraq/2019/Jul/54 https& • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1010025
https://notcve.org/view.php?id=CVE-2019-1010025
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. ** EN DISPUTA **La biblioteca Libc actual de GNU está afectada por: Omisión de Mitigación. El impacto es: el atacante puede adivinar las direcciones heap del subproceso (hilo) pthread_created. • https://security-tracker.debian.org/tracker/CVE-2019-1010025 https://sourceware.org/bugzilla/show_bug.cgi?id=22853 https://support.f5.com/csp/article/K06046097 https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS https://ubuntu.com/security/CVE-2019-1010025 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-1010023
https://notcve.org/view.php?id=CVE-2019-1010023
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. ** EN DISPUTA ** La corriente de GNU Libc está afectada por: Re-asignación de la biblioteca cargada actual con un archivo ELF malicioso. • http://www.securityfocus.com/bid/109167 https://security-tracker.debian.org/tracker/CVE-2019-1010023 https://sourceware.org/bugzilla/show_bug.cgi?id=22851 https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS https://ubuntu.com/security/CVE-2019-1010023 •
CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 1CVE-2019-1010024
https://notcve.org/view.php?id=CVE-2019-1010024
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. ** EN DISPUTA ** La biblioteca Libc actual de GNU está afectada por: Omisión de Mitigación. El impacto es que: el atacante puede omitir la funcionalidad ASLR utilizando la caché del subproceso (hilo) stack y heap. • http://www.securityfocus.com/bid/109162 https://security-tracker.debian.org/tracker/CVE-2019-1010024 https://sourceware.org/bugzilla/show_bug.cgi?id=22852 https://support.f5.com/csp/article/K06046097 https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS https://ubuntu.com/security/CVE-2019-1010024 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •