SUSE CVE-2019-9070

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in dexpression1 in cp-demangle.c after many recursive calls...

SUSE CVE-2019-9071

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in dcounttemplatesscopes in cp-demangle.c after many recursive calls...

SUSE CVE-2019-9072

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setupgroup in elf.c...

SUSE CVE-2019-9075

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in bfdarchive64bitslurparmap in archive64.c...

SUSE CVE-2019-9169

In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match...

SUSE CVE-2019-9192

In the GNU C Library aka glibc or libc6 through 2.29, checkdstlimitscalcpos1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs...

SUSE CVE-2019-9779

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwgdxfLTYPE at dwg.spec earlier than CVE-2019-9776...

SUSE CVE-2019-9923

paxdecodeheader in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers...

SUSE CVE-2019-11637

An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function recrsetgetprops at rec-rset.c in librec.a, leading to a crash...

SUSE CVE-2019-11638

An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function recfieldnameequalp at rec-field-name.c in librec.a, leading to a crash...

SUSE CVE-2019-12290

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...

SUSE CVE-2019-13050

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...

SUSE CVE-2019-13636

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c...

SUSE CVE-2019-14250

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simpleobjectelfmatch in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow...

SUSE CVE-2019-14271

In Docker 19.03.x before 19.03.1 linked against the GNU C Library aka glibc, code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container...

SUSE CVE-2019-14468

GnuCOBOL 2.2 has a buffer overflow in cbpushop in cobc/field.c via crafted COBOL source code...

SUSE CVE-2019-14528

GnuCOBOL 2.2 has a heap-based buffer overflow in readliteral in cobc/scanner.l via crafted COBOL source code...

SUSE CVE-2019-14541

GnuCOBOL 2.2 has a stack-based buffer overflow in cbencodeprogramid in cobc/typeck.c via crafted COBOL source code...

SUSE CVE-2019-14855

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18...

SUSE CVE-2019-15767

In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmdload function in frontend/cmd.cc via a crafted chess position in an EPD file...