Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP1 package upx, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2018-11243 — CVSS 7.8 (high): PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of…
CVE-2019-14296 — CVSS 7.8 (high): canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash)…
CVE-2019-20021 — CVSS 5.5 (medium): A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
CVE-2019-20053 — CVSS 5.5 (medium): An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
CVE-2019-1010048: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation…