118 matches found
SUSE CVE-2014-0231
The modcgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service process hang via a request to a CGI script that does not read from its stdin file descriptor...
SUSE CVE-2017-9108
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read would have done. Without this fix, adnshost may read...
SUSE CVE-2017-11449
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an image received from stdin...
CVE-2023-0751
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...
CVE-2023-0751 GELI silently omits the keyfile if read from stdin
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...
UBUNTU-CVE-2022-44267
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image e.g., for resize, the convert process could be left waiting for stdin input...
DEBIAN-CVE-2020-28009
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because getstdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow multiple days...
PT-2020-8506 · Adns +2 · Adns +2
Name of the Vulnerable Software and Affected Versions: adns versions prior to 1.5.2 Description: An issue was discovered in adns where adnshost mishandles a missing final newline on a stdin read. This can cause adnshost to read and process one byte beyond the buffer, potentially crashing or leaki...
The vulnerability of the `stdin getln` function in the system administration software Sudo, which allows a hacker to escalate their privileges.
The vulnerability of the stdin getln function in the system administration program Sudo is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to increase their privileges...
Sudo Stack Buffer Overflow Vulnerability
Sudo is a program used on Unix-like systems that allows the user to execute commands in a secure way with special privileges. Sudo suffers from a stack buffer overflow vulnerability. An attacker can exploit the vulnerability by requiring a long string to be passed to the STDIN of GLLN in TGETPAST...
glibc security, bug fix, and enhancement update
2.28-72.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...
Bandit - Tool Designed To Find Common Security Issues In Python Code
Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report. Bandit was originally developed within...
DEBIAN-CVE-2017-11449
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an image received from stdin...
Android netd Denial of Service Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. netd is a network daemon. A security vulnerability exists in netd in versions of Android prior to 2016-08-05, which stems from the program's failure to properly handle tethering a...
Amazon Linux AMI : httpd24 (ALAS-2014-389)
A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
Mandriva Linux Security Advisory : apache (MDVSA-2014:142)
Updated apache package fixes security vulnerabilities : A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a...