{"vulnerability": "CVE-2019-2091", "sightings": [{"uuid": "9ccf99a3-3549-4b4c-8b7e-459b77e0cacd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20911", "type": "seen", "source": "https://t.me/cibsecurity/13515", "content": "ATENTION\u203c New - CVE-2019-20911\n\nAn issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-16T22:55:35.000000Z"}, {"uuid": "e7103f00-5a6c-4a39-841b-a95906a0a13f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20912", "type": "seen", "source": "https://t.me/cibsecurity/13514", "content": "ATENTION\u203c New - CVE-2019-20912\n\nAn issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-16T22:55:35.000000Z"}, {"uuid": "461c566a-c115-4872-a70e-aa2e78b94add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20915", "type": "seen", "source": "https://t.me/cibsecurity/13511", "content": "ATENTION\u203c New - CVE-2019-20915\n\nAn issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-16T22:55:32.000000Z"}, {"uuid": "07da90a0-e7f1-4599-a695-42ca2c402554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20914", "type": "seen", "source": "https://t.me/cibsecurity/13512", "content": "ATENTION\u203c New - CVE-2019-20914\n\nAn issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-16T22:55:33.000000Z"}, {"uuid": "bd3b5fd2-a45d-4790-8035-15f6210a0698", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20913", "type": "seen", "source": "https://t.me/cibsecurity/13513", "content": "ATENTION\u203c New - CVE-2019-20913\n\nAn issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-16T22:55:34.000000Z"}, {"uuid": "041da9f2-e0e2-4c7c-842c-ecfc78552f02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20916", "type": "seen", "source": "https://t.me/cibsecurity/14502", "content": "ATENTION\u203c New - CVE-2019-20916\n\nThe pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-05T00:55:12.000000Z"}, {"uuid": "b5f2e9d4-37eb-4d59-b621-29d01b75928a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2019-20916", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "da63e8fc-2b42-4d53-a9e6-03382f70b741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20919", "type": "seen", "source": "https://t.me/cibsecurity/14741", "content": "ATENTION\u203c New - CVE-2019-20919\n\nAn issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-17T22:55:26.000000Z"}]}