The vulnerability of the bgpd software module for implementing network routing on Unix-like systems allows a hacker to cause service interruptions.

The vulnerability of the bgpd software module for implementing routing on Unix-like systems is related to the issue where an operation is executed outside the buffer in memory when processing BGP OPEN messages with a length of one octet or word. Exploiting this vulnerability allows a remote...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:2203-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2203-1 advisory. - Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts...

SUSE: Security Advisory (SUSE-SU-2023:2096-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the BGP OPEN Message Handler component of the networking routing implementation software on Unix-like systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely.

The vulnerability of the BGP OPEN Message Handler component of the networking routing implementation software on Unix-like systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS : Netty vulnerabilities (USN-6049-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6049-1 advisory. It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:1867-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1867-1 advisory. - In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with...

Sudo 安全漏洞

Sudo is a program used on Unix-like systems that allows users to execute commands in a secure manner with special privileges. A security vulnerability exists in versions of Sudo prior to 1.9.13 that stems from the fact that Sudo does not escape control characters in log messages...

Stack overflow

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the name, type, or groups fields have longer values than expected. Users...

CVE-2023-27590

The CVE-2023-27590 entry concerns Rizin (UNIX-like reverse engineering framework). It describes a stack-based buffer overflow in versions up to 0.5.1 when converting a GDB registers profile file into a Rizin register profile, triggered when the name, type, or groups fields exceed expected lengths...

GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing CIDR block for scanning the network during the attack, and it targeted all I...

SUSE CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

SUSE CVE-2021-29428

In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...

SUSE CVE-2021-32751

Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the application plugin and the gradlew script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. Thi...

SUSE CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

Design/Logic Flaw

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

openSUSE 15 Security Update : netty (SUSE-SU-2022:1271-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1271-1 advisory. - Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol...

Denial Of Service (DoS)

newsboat is vulnerable to denial of service DoS attacks. Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are...

GHSA-JF2P-4GQJ-849G Temporary File Information Disclosure vulnerability in MPXJ

Impact On Unix-like operating systems not Windows or macos, MPXJ's use of File.createTempFile.. results in temporary files being created with the permissions -rw-r--r--. This means that any other user on the system can read the contents of this file. When MPXJ is reading a type of schedule file...

Temporary File Information Disclosure vulnerability in MPXJ

Impact On Unix-like operating systems not Windows or macos, MPXJ's use of File.createTempFile.. results in temporary files being created with the permissions -rw-r--r--. This means that any other user on the system can read the contents of this file. When MPXJ is reading a type of schedule file...

CVE-2022-41954 Temporary File Information Disclosure Vulnerability

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems not Windows or macos, MPXJ's use of File.createTempFile.. results in temporary files being created with the permissions -rw-r--r--. This means that any other...