341 matches found
MGASA-2021-0527 Updated perl/perl-Encode packages fix security vulnerability
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...
Updated perl/perl-Encode packages fix security vulnerability
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...
CVE-2021-36770
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...
CVE-2021-36770
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...
Design/Logic Flaw
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...
CVE-2021-36770
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...
CVE-2021-36770
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...
CVE-2021-36770
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...
CVE-2021-36770
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG verification that a kernel module is signed for loading via init_module does not occur for a module.sig_enforce=1 command-line argument.
...
AZL-6570 CVE-2021-35039 affecting package kernel for versions less than 5.10.78.1-1
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIGMODULESIG, verification that a kernel module is signed, for loading via initmodule, does not occur for a module.sigenforce=1 command-line argument...
CVE-2021-35039
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIGMODULESIG, verification that a kernel module is signed, for loading via initmodule, does not occur for a module.sigenforce=1 command-line argument...
CVE-2021-35039
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIGMODULESIG, verification that a kernel module is signed, for loading via initmodule, does not occur for a module.sigenforce=1 command-line argument...
OESA-2021-1024 p11-kit security update
Provides a way to load and enumerate PKCS11 modules. Provides a standard configuration setup for installing PKCS11 modules in such a way that they're discoverable. Also solves problems with coordinating the use of PKCS11 by different components or libraries living in the same process.\r\n\r\n...
[SECURITY] Fedora 33 Update: p11-kit-0.23.22-1.fc33
p11-kit provides a way to load and enumerate PKCS11 modules, as well as a standard configuration setup for installing PKCS11 modules in such a way that they're discoverable...
CVE-2020-27786
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change...
isf
This repository is an Industrial Exploitation Framework ISF for testing and exploiting industrial control systems ICS. It is a Python-based framework similar to Metasploit. The framework is based on the open-source project routersploit and includes various clients and modules for different ICS...
kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c
A flaw was found in the Linux kernel’s implementation of dropping sysctl entries. A local attacker who has access to load modules on the system can trigger a condition during module load failure and panic the system...
CVE-2020-5977
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure...
EulerOS Virtualization for ARM 64 3.0.6.0 : perl-IO-Compress (EulerOS-SA-2020-2036)
According to the version of the perl-IO-Compress package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that perl can load modules from the current directory if not found in the module directories, via t...