103 matches found
SUSE CVE-2021-42380
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function...
SUSE CVE-2021-42381
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hashinit function...
SUSE CVE-2021-42383
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...
SUSE CVE-2021-42385
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...
SUSE CVE-2021-42384
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handlespecial function...
SUSE CVE-2021-42386
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function...
Regular Expression Denial Of Service (ReDoS)
simple-markdown is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an insecure Regex pattern used for the match attribute in the autolink object in simple-markdown.js, which allows an attacker to crash the application by providing a maliciously crafted...
Ubuntu 16.04 ESM : GNU C Library vulnerabilities (USN-5699-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5699-1 advisory. Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could...
CVE-2022-30065
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function...
CVE-2022-30065
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function...
CVE-2022-30065
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function...
CVE-2022-30065
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function...
CVE-2022-30065
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function...
AlmaLinux 8 : cpio (ALSA-2022:1991)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:1991 advisory. - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an...
RHEL 8 : cpio (RHSA-2022:1991)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1991 advisory. The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fixes: cpio...
cpio: integer overflow in ds_fgetstr() in dstring.c can lead to an out-of-bounds write via a crafted pattern file
A flaw was found in cpio. An integer overflow that triggers an out-of-bounds heap write can allow an attacker to execute arbitrary code via a crafted pattern file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CentOS 8 : cpio (CESA-2022:1991)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2022:1991 advisory. - cpio: integer overflow in dsfgetstr in dstring.c can lead to an out-of-bounds write via a crafted pattern file CVE-2021-38185 Note that Nessus has not tested...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2022-1164)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.6 : cpio (EulerOS-SA-2022-1114)
According to the versions of the cpio package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The cpiosafernamesuffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service out-of-bounds write via...
Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability
Summary App Connect Professional have addressed the following vulnerability reported in GNU C Library. Vulnerability Details CVEID: CVE-2021-35942 DESCRIPTION: GNU C Library aka glibc could allow a local attacker to obtain sensitive information, caused by a flaw when called with an untrusted,...