Lucene search
+L

262 matches found

OpenVAS
OpenVAS
added 2018/10/13 12:0 a.m.18 views

openSUSE: Security Advisory for mgetty (openSUSE-SU-2018:3108-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS7.9AI score0.01323EPSS
Exploits6References2
OPENSUSE Linux
OPENSUSE Linux
added 2018/10/12 12:10 p.m.54 views

Security update for mgetty (moderate)

This update for mgetty fixes the following issues: - CVE-2018-16741: Fixed a command injection in fax/faxq-helper.c boo1108752 - CVE-2018-16742: Stack-based buffer overflow in contrib/scrts.c triggered via command line parameter boo1108762 - CVE-2018-16743: Stack-based buffer overflow with long...

3.7AI score0.01323EPSS
Exploits6References5
Tenable Nessus
Tenable Nessus
added 2018/10/03 12:0 a.m.22 views

SUSE SLED12 / SLES12 Security Update : mgetty (SUSE-SU-2018:2979-1)

This update for mgetty fixes the following security issues : CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752 CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input...

7.8CVSS6.8AI score0.01323EPSS
Exploits6References16
OSV
OSV
added 2018/10/02 3:51 p.m.5 views

SUSE-SU-2018:2979-1 Security update for mgetty

This update for mgetty fixes the following security issues: - CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752 - CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted inp...

7.8CVSS8AI score0.01323EPSS
Exploits6References11
Tenable Nessus
Tenable Nessus
added 2018/10/01 12:0 a.m.26 views

openSUSE Security Update : mgetty (openSUSE-2018-1080)

This update for mgetty fixes the following issues : - CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752. - CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input...

7.8CVSS6.9AI score0.01323EPSS
Exploits6References10
OPENSUSE Linux
OPENSUSE Linux
added 2018/09/28 9:8 p.m.154 views

Security update for mgetty (important)

This update for mgetty fixes the following issues: - CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752. - CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input reach...

2.3AI score0.01323EPSS
Exploits6References5
OSV
OSV
added 2018/09/27 10:4 a.m.7 views

SUSE-SU-2018:2894-1 Security update for mgetty

This update for mgetty fixes the following issues: - CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752. - CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input reach...

7.8CVSS8AI score0.01323EPSS
Exploits6References11
Tenable Nessus
Tenable Nessus
added 2018/09/27 12:0 a.m.23 views

SUSE SLES11 Security Update : mgetty (SUSE-SU-2018:2850-1)

This update for mgetty fixes the following issues : CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752 CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input reached i...

7.8CVSS6.8AI score0.01323EPSS
Exploits6References16
OSV
OSV
added 2018/09/25 10:7 a.m.5 views

SUSE-SU-2018:2850-1 Security update for mgetty

This update for mgetty fixes the following issues: - CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752 - CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input reache...

7.8CVSS8AI score0.01323EPSS
Exploits6References11
BDU FSTEC
BDU FSTEC
added 2018/09/25 12:0 a.m.6 views

The vulnerability of the `fax_notify_mail` function in the `mgetty` package on Red Hat Enterprise Linux systems allows a hacker to cause a service failure.

The vulnerability of the faxnotifymail function in the mgetty package for Red Hat Enterprise Linux is caused by a buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to trigger a service failure using the mailto parameter...

2.9CVSS5.9AI score0.00448EPSS
Exploits2References4Affected Software1
0day.today
0day.today
added 2018/09/21 12:0 a.m.103 views

mgetty 1.2.0 Buffer Overflow / Privilege Escalation Vulnerabilities

mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities. Multiple Vulnerabilities in mgetty ================================== Overview - -------- Confirmed Affected Versions: 1.2.0 Patched Versions: 1.2.1 Vendor: mgetty...

0.9AI score0.01323EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2018/09/17 5:50 p.m.12 views

CVE-2018-16742

An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter...

7.8CVSS4.7AI score0.00448EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2018/09/17 5:49 p.m.18 views

CVE-2018-16743

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow...

7.8CVSS3.3AI score0.00448EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2018/09/17 5:49 p.m.23 views

CVE-2018-16744

An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. Mitigation Make sure the notify option in /etc/mgetty+sendfax/mgetty.config does not...

7.8CVSS3.4AI score0.01034EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2018/09/17 5:49 p.m.17 views

CVE-2018-16745

An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. Mitigation Make sure the notify option in /etc/mgetty+sendfax/mgetty.config does not contain more than 150...

7.8CVSS3.7AI score0.00448EPSS
Exploits2References2
CNVD
CNVD
added 2018/09/14 12:0 a.m.60 views

Mgetty Buffer Overflow Vulnerability

Mgetty is a getty replacement program for data and fax operations. A buffer overflow vulnerability exists in the faxrec.c file in versions of Mgetty prior to 1.2.1, which stems from a failure of the program to filter the 'mailto' in the 'faxnotifymail' function. parameter in the 'faxnotifymail'...

7.8CVSS7.7AI score0.00448EPSS
Exploits2References1
CNVD
CNVD
added 2018/09/14 12:0 a.m.5 views

Mgetty Buffer Overflow Vulnerability (CNVD-2019-03437)

Mgetty is a getty replacement program for data and fax operations. A stack buffer overflow vulnerability exists in the contrib/next-login/login.c file in versions of Mgetty prior to 1.2.1, which stems from a program passing an unfiltered 'username' parameter to the 'strcpy ' function, which can b...

7.8CVSS7.8AI score0.00448EPSS
Exploits2References1
CNVD
CNVD
added 2018/09/14 12:0 a.m.5 views

Mgetty Buffer Overflow Vulnerability (CNVD-2019-03438)

Mgetty is a getty replacement program for data and fax operations. A stack buffer overflow vulnerability exists in the contrib/scrts.c file in versions of Mgetty prior to 1.2.1, which can be exploited to execute arbitrary code or cause a denial of service with the help of command line arguments...

7.8CVSS8AI score0.00448EPSS
Exploits2References1
CNVD
CNVD
added 2018/09/14 12:0 a.m.53 views

Mgetty Command Injection Vulnerability (CNVD-2019-03439)

Mgetty is a getty replacement program for data and fax operations. A command injection vulnerability exists in Mgetty versions prior to 1.2.1, which stems from the 'doactivate' function failing to properly filter shell metacharacters in the fax/faxq-helper.c file, which can be exploited by an...

7.8CVSS8AI score0.01323EPSS
Exploits2References1
CNVD
CNVD
added 2018/09/14 12:0 a.m.34 views

Mgetty Command Injection Vulnerability

Mgetty is a getty replacement program for data and fax operations. A command injection vulnerability exists in the faxrec.c file in versions of Mgetty prior to 1.2.1, which stems from the program failing to filter the 'mailto' parameter in the 'faxnotifymail' function The vulnerability can be...

7.8CVSS7.8AI score0.01034EPSS
Exploits2References1
Rows per page
Query Builder