90 matches found
Oracle Linux 7 : openldap (ELSA-2020-4041)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4041 advisory. 2.4.44-22 - Fix CVE-2020-12243 openldap: denial of service via nested boolean expressions in LDAP search filters 1838405 Tenable has extracted the preceding...
EulerOS 2.0 SP2 : coreutils (EulerOS-SA-2020-1663)
According to the versions of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The keycomparemb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering...
Huawei EulerOS: Security Advisory for coreutils (EulerOS-SA-2020-1663)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-4041
In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to...
CVE-2020-4041
In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to...
CVE-2020-4041
CVE-2020-4041 (Bolt CMS) affects Bolt CMS versions before 3.7.1. The vulnerability concerns the filename of uploaded files, which is stored in a way that allows stored XSS after the file is created/uploaded. Although initial file names cannot inject JavaScript, renaming the file post-upload can i...
Huawei EulerOS: Security Advisory for coreutils (EulerOS-SA-2020-1374)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : coreutils (EulerOS-SA-2020-1374)
According to the versions of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The keycomparemb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering...
CVE-2015-4041
The keycomparemb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service heap-based buffer overflow and application crash ...
CVE-2015-4041
CVE-2015-4041 affects GNU Coreutils (sort, sort.c, keycompare_mb) on 64-bit platforms. The vulnerability arises from a size calculation in keycompare_mb that does not account for the number of bytes occupied by multibyte UTF-8 characters, enabling a heap-based overflow under long UTF-8 strings an...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel update (USN-4041-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4041-1 advisory. USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. Unfortunately, the update introduced a regression that interfered with networking...
Ubuntu: Security Advisory (USN-4041-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4041-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon update
USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. Unfortunately, the update introduced a regression that interfered with networking applications that setup very low SOSNDBUF values. This update fixes the problem. We apologize for the inconvenience. Jonathan Looney discovered that t...
Unauthorized Access
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
CVE-2018-4041
CVE-2018-4041 corresponds to a privilege-escalation in CleanMyMac X 4.04 due to improper input validation in the helper protocol’s enableLaunchdAgentAtPath function. The attack requires local access and could let a non-root user load a root-privileged launch agent, effectively enabling root-level...
CVE-2017-4041
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
CVE-2017-4041
CVE-2017-4041 entry is rejected and not used; it does not represent an active vulnerability.
CVE-2017-4041
...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2018-4041)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4041 advisory. - KEYS: Remove keytype::match in favour of overriding default by matchpreparse Tim Tianyang Chen Orabug: 25757946 CVE-2017-6951 - tcp: initialize...
Debian DSA-4041-1 : procmail - security update
Jakub Wilk reported a heap-based buffer overflow vulnerability in procmail's formail utility when processing specially crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss. %NASLMINLEVEL 70300 C Tenable Network...