Lucene search

16992 matches found

CVE
added 2019/12/27 12:14 a.m. · 183 views

CVE-2019-20010

CVE-2019-20010 affects GNU LibreDWG 0.92 with a use-after-free in resolve_objectref_vector (decode.c). Connected advisories show openSUSE/libredwg updates up to release 0.9.3 addressing this and related CVEs (e.g., 2019-20010, 2019-20011, 2019-20012, 2019-20013, 2019-20014, 2019-20015) across Ope...

8.8 CVSS · 8.8 AI score · 0.01429 EPSS
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2019/12/27 12:14 a.m. · 23 views

CVE-2019-20010

An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c...

9 AI score · 0.01429 EPSS
Exploits 1 · References 4

CNVD
added 2019/12/27 12:0 a.m. · 2 views

GNU LibreDWG Excessive Memory Allocation Vulnerability (CNVD-2020-03561)

LibreDWG is a free C library for reading and writing DWG files. An excessive memory allocation vulnerability exists in dwg_decode_HATCH_private in dwg.spec in GNU LibreDWG 0.92. An attacker can exploit this vulnerability via specially crafted input to cause an attempt to allocate too much memory,...

6.5 CVSS · 6.8 AI score · 0.01358 EPSS
Exploits 1 · References 1

CNVD
added 2019/12/27 12:0 a.m. · 3 views

GNU LibreDWG Excessive Memory Allocation Vulnerability (CNVD-2020-03562)

GNU LibreDWG is a GNU Project C library for working with DWG files. A security vulnerability exists in the 'decode_3dsolid' function of dwg.spec in versions of GNU LibreDWG prior to 0.93. An attacker can exploit this vulnerability to cause a denial of service (large memory consumption)...

6.5 CVSS · 6.7 AI score · 0.01373 EPSS
Exploits 1 · References 1

CNVD
added 2019/12/27 12:0 a.m. · 2 views

GNU LibreDWG Post-Release Reuse Vulnerability

GNU LibreDWG is a GNU Project C library for working with DWG files. A post-release reuse vulnerability exists in the 'resolve_objectref_vector' function in the decode.c file in GNU LibreDWG version 0.92. The vulnerability stems from mismanagement of system resources e.g., memory, disk space, files,...

8.8 CVSS · 7 AI score · 0.01429 EPSS
Exploits 1 · References 1

0day.today
added 2019/12/27 12:0 a.m. · 206 views

AVE DOMINAplus 1.10.x Authentication Bypass Vulnerability

AVE DOMINAplus =1.10.x Authentication Bypass Exploit Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Touch Screen Code TS01 - 1.0.65 Touch Screen Code TS03x-V | TS04X-V - 1.10.45a Touch Screen Code TS05 -...

0.5 AI score
Exploits 0

Packet Storm
added 2019/12/27 12:0 a.m. · 184 views

AVE DOMINAplus 1.10.x Authentication Bypass

AVE DOMINAplus =1.10.x Authentication Bypass Exploit Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Touch Screen Code TS01 - 1.0.65 Touch Screen Code TS03x-V | TS04X-V - 1.10.45a Touch Screen Code TS05 -...

0.7 AI score
Exploits 0

Positive Technologies
added 2019/12/27 12:0 a.m. · 4 views

PT-2019-6404 · Gnu +3 · Gnu Binutils +3

Name of the Vulnerable Software and Affected Versions: GNU Binutils versions prior to 2.34 Description: The issue is related to an uninitialized-heap vulnerability in the tic4x_print_cond function, located in the opcodes/tic4x-dis.c component of the GNU Binutils software development tool. This...

8.8 CVSS · 6.3 AI score · 0.00698 EPSS
Exploits 8 · References 50

0day.today
added 2019/12/27 12:0 a.m. · 493 views

Linux/x86 Encoder / Decoder Shellcode (117 bytes)

Title : Linux/x86 - Encoder - Random Bytes + XOR/SUB/NOT/ROR / Decoder - ROL/NOT/ADD/XOR execve/bin/sh Shellcode 117 bytes Author : Xenofon Vassilakopoulos Date : July, 2019 Tested on : Linux kali 5.3.0-kali2-686-pae 1 SMP Debian 5.3.9-3kali1 2019-11-20 i686 GNU/Linux Architecture : i686 GNU/Linu...

7.1 AI score
Exploits 0

RedhatCVE
added 2019/12/26 9:56 a.m. · 35 views

CVE-2018-20002

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm...

5.5 CVSS · 3.1 AI score · 0.01819 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2019/12/23 12:0 a.m. · 55 views

EulerOS 2.0 SP5 : binutils (EulerOS-SA-2019-2686)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-bas...

7.8 CVSS · 6.8 AI score · 0.01802 EPSS
Exploits 1 · References 3

Positive Technologies
added 2019/12/21 12:0 a.m. · 4 views

PT-2019-6405 · Gnu +2 · Binutils +2

Name of the Vulnerable Software and Affected Versions: binutils versions prior to 2.34 Description: The issue is related to a flaw in the /bfd/pef.c component of the GNU Binutils software development tool, which is associated with null pointer dereference errors. An attacker can exploit this flaw...

7.8 CVSS · 6.1 AI score · 0.02752 EPSS
Exploits 18 · References 83

IBM Security Bulletins
added 2019/12/20 2:31 p.m. · 41 views

Security Bulletin: Multiple Vulnerabilities in GNU binutils affects IBM Watson Studio Local

Summary Multiple Vulnerabilities in GNU binutils affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2018-1000876 DESCRIPTION: binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can...

7.8 CVSS · 1.3 AI score · 0.02265 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2019/12/20 1:55 p.m. · 34 views

Security Bulletin: Multiple Vulnerabilities in GNU C Library affects IBM Watson Studio Local

Summary Multiple Vulnerabilities in GNU C Library affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-7309 DESCRIPTION: In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero indicating that the inputs are...

9.8 CVSS · 0.3 AI score · 0.05804 EPSS
Exploits 7 · Affected Software 1

IBM Security Bulletins
added 2019/12/20 1:52 p.m. · 37 views

Security Bulletin: Multiple Vulnerabilities in GNU Binutils affects Watson Studio Local

Summary Multiple Vulnerabilities in GNU Binutils affects Watson Studio Local Vulnerability Details CVEID: CVE-2018-18701 DESCRIPTION: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite...

7.8 CVSS · 1.3 AI score · 0.0669 EPSS
Exploits 33 · Affected Software 1

Tenable Nessus
added 2019/12/20 12:0 a.m. · 41 views

Amazon Linux AMI : libidn2 (ALAS-2019-1327)

idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. CVE-2019-18224 GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some...

9.8 CVSS · 7.2 AI score · 0.03708 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2019/12/19 12:0 a.m. · 32 views

EulerOS 2.0 SP3 : binutils (EulerOS-SA-2019-2558)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils before 2.31...

9.8 CVSS · 7.3 AI score · 0.08111 EPSS
Exploits 20 · References 59

OpenVAS
added 2019/12/18 12:0 a.m. · 25 views

Dovecot < 2.2.7 Authentication Bypass Vulnerability

Dovecot is prone to an authentication bypass vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

5.8 CVSS · 7.8 AI score · 0.01457 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2019/12/18 12:0 a.m. · 21 views

EulerOS 2.0 SP3 : tar (EulerOS-SA-2019-2673)

According to the version of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended...

7.5 CVSS · 7.8 AI score · 0.15155 EPSS
Exploits 3 · References 2

Tenable Nessus
added 2019/12/18 12:0 a.m. · 37 views

EulerOS 2.0 SP3 : patch (EulerOS-SA-2019-2645)

According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line in pch.c can possibly lead to DoS via a crafted input...

9.3 CVSS · 6.8 AI score · 0.06096 EPSS
Exploits 2 · References 6