CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2CVE-2019-9771
https://notcve.org/view.php?id=CVE-2019-9771
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c. Se ha descubierto un problema en las versiones 0.7 y 0.7.1645 de GNU LibreDWG. Hay una desreferencia de puntero NULL en la función bit_convert_TU en bits.c. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html http://www.securityfocus.com/bid/107447 https://github.com/LibreDWG/libredwg/issues/99 https://savannah.gnu.org/bugs/index.php?55893 • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 1%CPEs: 4EXPL: 1CVE-2019-9775
https://notcve.org/view.php?id=CVE-2019-9775
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec. Se ha descubierto un problema en las versiones 0.7 y 0.7.1645 de GNU LibreDWG. Hay una lectura fuera de límites en la función dwg_dxf_BLOCK_CONTROL en dwg.spec. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html http://www.securityfocus.com/bid/107447 https://github.com/LibreDWG/libredwg/issues/99 https://savannah.gnu.org/bugs/index.php?55893 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2019-9772
https://notcve.org/view.php?id=CVE-2019-9772
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec. Se ha descubierto un problema en las versiones 0.7 y 0.7.1645 de GNU LibreDWG. Hay una desreferencia de puntero NULL en la función dwg_dxf_LEADER en dwg.spec. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html http://www.securityfocus.com/bid/107447 https://github.com/LibreDWG/libredwg/issues/99 https://savannah.gnu.org/bugs/index.php?55893 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-9778
https://notcve.org/view.php?id=CVE-2019-9778
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec. Se ha descubierto un problema en las versiones 0.7 y 0.7.1645 de GNU LibreDWG. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función dwg_dxf_LTYPE en dwg.spec. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html http://www.securityfocus.com/bid/107447 https://github.com/LibreDWG/libredwg/issues/99 https://savannah.gnu.org/bugs/index.php?55893 • CWE-125: Out-of-bounds Read •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2019-9752
https://notcve.org/view.php?id=CVE-2019-9752
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm. Se ha descubierto un problema en Open Ticket Request System (OTRS), en CVErsiones 5.x anteriores a la 5.0.34, CVErsiones 6.x anteriores a la 6.0.16 y CVErsiones 7.x anteriores a la 7.0.4. Un atacante que haya iniciado sesión en OTRS como usuario agente o cliente podría subir un recurso manipulado para provocar la ejecución de JavaScript en el contexto de OTRS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •