SUSE CVE-2019-14271

In Docker 19.03.x before 19.03.1 linked against the GNU C Library aka glibc, code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container...

SUSE CVE-2019-14250

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simpleobjectelfmatch in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow...

SUSE CVE-2019-14468

GnuCOBOL 2.2 has a buffer overflow in cbpushop in cobc/field.c via crafted COBOL source code...

SUSE CVE-2019-14528

GnuCOBOL 2.2 has a heap-based buffer overflow in readliteral in cobc/scanner.l via crafted COBOL source code...

SUSE CVE-2019-14541

GnuCOBOL 2.2 has a stack-based buffer overflow in cbencodeprogramid in cobc/typeck.c via crafted COBOL source code...

SUSE CVE-2019-14855

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18...

SUSE CVE-2019-15767

In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmdload function in frontend/cmd.cc via a crafted chess position in an EPD file...

SUSE CVE-2019-15847

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

SUSE CVE-2019-17451

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in bfddwarf2findnearestline in dwarf2.c, as demonstrated by nm...

SUSE CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character...

SUSE CVE-2019-20009

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwgdecodeSPLINEprivate in dwg.spec...

SUSE CVE-2019-20011

An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decodeR13R2000 in decode.c...

SUSE CVE-2019-20015

An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwgdecodeLWPOLYLINEprivate in dwg.spec...

SUSE CVE-2019-20909

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwgencodeLWPOLYLINE in dwg.spec...

SUSE CVE-2019-20913

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwgencodeentity in commonentitydata.spec...

SUSE CVE-2019-20912

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bitreadTF...

SUSE CVE-2019-20914

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwgencodecommonentityhandledata in commonentityhandledata.spec...

SUSE CVE-2019-20915

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bitwriteTF in bits.c...

SUSE CVE-2019-25013

The iconv feature in the GNU C Library aka glibc or libc6 through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read...

SUSE CVE-2019-1010022

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this ...