
CVE-2023-39976 – libqb: Buffer overflow in log_blackbox.c
https://notcve.org/view.php?id=CVE-2023-39976
08 Aug 2023 — log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages, because the bounds check on a message does not account for the record header that is written ahead of it in the blackbox buffer. The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling. Issues addressed include a buffer overflow vulnerability. • https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
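The bug class in this entry, a length check that forgets the header written before the payload, shown as an added example. This is illustration code written for this page, not libqb's log_blackbox.c; the record layout (three u32 fields), the chunk size and the function names are assumptions. A canary region placed right after the chunk counts how many bytes spill out of it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy record layout, an assumption for illustration (not libqb's real format):
 *   [u32 record_len][u32 timestamp][u32 msg_len][msg bytes]
 * Each record is written into a fixed-size chunk of a blackbox buffer. */
enum { CHUNK_SIZE = 64, HDR_SIZE = 12, CANARY_SIZE = 64 };

static void put_u32(uint8_t *p, uint32_t v) { memcpy(p, &v, sizeof v); }

/* Vulnerable variant: the bounds check compares msg_len against the whole
 * chunk and forgets that HDR_SIZE header bytes are written first, so up to
 * HDR_SIZE bytes of the message land past the end of the chunk. */
size_t append_naive(uint8_t *chunk, uint32_t ts, const char *msg, size_t msg_len)
{
    if (msg_len > CHUNK_SIZE)            /* BUG: header size not considered */
        return 0;
    put_u32(chunk + 0, (uint32_t)(HDR_SIZE + msg_len));
    put_u32(chunk + 4, ts);
    put_u32(chunk + 8, (uint32_t)msg_len);
    memcpy(chunk + HDR_SIZE, msg, msg_len);   /* overruns when msg_len > CHUNK_SIZE - HDR_SIZE */
    return HDR_SIZE + msg_len;
}

/* Fixed variant: budget the header first, then truncate the message to the
 * space that is actually left. Total bytes written never exceed CHUNK_SIZE. */
size_t append_fixed(uint8_t *chunk, uint32_t ts, const char *msg, size_t msg_len)
{
    const size_t max_msg = CHUNK_SIZE - HDR_SIZE;
    if (msg_len > max_msg)
        msg_len = max_msg;
    put_u32(chunk + 0, (uint32_t)(HDR_SIZE + msg_len));
    put_u32(chunk + 4, ts);
    put_u32(chunk + 8, (uint32_t)msg_len);
    memcpy(chunk + HDR_SIZE, msg, msg_len);
    return HDR_SIZE + msg_len;
}

/* Harness: a chunk followed by a canary region. Appends a message of
 * msg_len 'A' bytes through the given function and returns how many canary
 * bytes were clobbered; 0 means the write stayed inside the chunk. */
size_t canary_damage(size_t (*append)(uint8_t *, uint32_t, const char *, size_t),
                     size_t msg_len)
{
    uint8_t backing[CHUNK_SIZE + CANARY_SIZE];
    char msg[CHUNK_SIZE];
    size_t damaged = 0;

    memset(backing, 0xAA, sizeof backing);
    memset(msg, 'A', sizeof msg);
    if (msg_len > sizeof msg)
        msg_len = sizeof msg;             /* keep the harness itself in bounds */
    append(backing, 1, msg, msg_len);
    for (size_t i = CHUNK_SIZE; i < sizeof backing; i++)
        if (backing[i] != 0xAA)
            damaged++;
    return damaged;
}

int main(void)
{
    printf("naive, 64-byte message: %zu canary bytes clobbered\n",
           canary_damage(append_naive, CHUNK_SIZE));
    printf("fixed, 64-byte message: %zu canary bytes clobbered\n",
           canary_damage(append_fixed, CHUNK_SIZE));
    return 0;
}
```

With a 64-byte message the naive path accepts the input and writes 12 bytes past the chunk, exactly the header it forgot to budget for; the fixed path truncates the message to 52 bytes and stays inside. The check to look for in a review is that the comparison is made against the remaining capacity after the header, not against the raw buffer size.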

CVE-2019-12779 – libqb: Insecure treatment of IPC (temporary) files
https://notcve.org/view.php?id=CVE-2019-12779
07 Jun 2019 — libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL. The libqb packages provide a library with the primary purpose of providing high performance client/server ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00017.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
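The symlink attack in this entry, staged end to end as an added example. This is illustration code written for this page, not libqb's IPC code: the "predictable" name qb-ipc-12345, the scratch directory and the function names are assumptions. The harness plants a symlink at the predictable path pointing at a victim file, then opens the path once with O_CREAT alone and once with O_CREAT|O_EXCL|O_NOFOLLOW, and reports whether the victim was overwritten.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Vulnerable pattern: a predictable name opened with O_CREAT but without
 * O_EXCL. If another local user planted a symlink at `path` first, open()
 * follows it and every later write lands in the link's target. */
int open_ipc_file_unsafe(const char *path)
{
    return open(path, O_RDWR | O_CREAT, 0600);
}

/* Hardened pattern: O_EXCL makes open() fail with EEXIST if anything already
 * sits at `path`, a symlink included, and O_NOFOLLOW refuses to traverse a
 * symlink in the final component even when O_CREAT is not involved. */
int open_ipc_file_safe(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Stage the attack in a private scratch directory: a "victim" file plus an
 * attacker-planted symlink at the predictable IPC path, then one write through
 * the opener under test. Returns 1 if the victim was overwritten, 0 if not,
 * -1 on a harness error. *open_errno receives errno from a failed open
 * (0 when the open succeeded). */
int victim_overwritten(int (*opener)(const char *), int *open_errno)
{
    const char *base = getenv("TMPDIR");
    char dir[256], victim[512], link[512], buf[16] = {0};
    int fd, result;

    if (!base || !*base) base = "/tmp";
    snprintf(dir, sizeof dir, "%s/qb-demo.XXXXXX", base);
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/qb-ipc-12345", dir);  /* the "predictable" name */

    fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, "secret\n", 7) != 7) return -1;
    close(fd);
    if (symlink(victim, link) != 0) return -1;    /* attacker wins the race */

    *open_errno = 0;
    fd = opener(link);                             /* victim code opens its IPC file */
    if (fd >= 0) {
        if (write(fd, "pwned", 5) != 5) return -1;
        close(fd);
    } else {
        *open_errno = errno;
    }

    fd = open(victim, O_RDONLY);
    if (fd < 0 || read(fd, buf, sizeof buf - 1) < 0) return -1;
    close(fd);
    result = strncmp(buf, "pwned", 5) == 0;

    unlink(link); unlink(victim); rmdir(dir);
    return result;
}

/* Small wrappers so the two outcomes can be checked by name. */
int unsafe_opener_overwrites_victim(void)
{
    int e;
    return victim_overwritten(open_ipc_file_unsafe, &e);
}

/* Returns the errno the hardened opener failed with, or -1 if it did not
 * protect the victim. */
int safe_opener_rejects_with(void)
{
    int e;
    return victim_overwritten(open_ipc_file_safe, &e) == 0 ? e : -1;
}

int main(void)
{
    int e = safe_opener_rejects_with();
    printf("O_CREAT only:              victim overwritten = %d\n", unsafe_opener_overwrites_victim());
    printf("O_CREAT|O_EXCL|O_NOFOLLOW: rejected with errno %d (%s)\n", e, strerror(e));
    return 0;
}
```

O_EXCL on its own is the fix the advisory names: with O_CREAT|O_EXCL, POSIX requires open() to fail with EEXIST when the path names a symlink, whatever the link points to. Where the name cannot be made unpredictable, the other half of the defence is to create the file in a directory the attacker cannot write to, or to use mkstemp()-style randomised names; a sticky-bit /tmp with fs.protected_symlinks only narrows the window, it does not remove the need for O_EXCL.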