Denial Of Service (DoS)

binutils:bionic is vulnerable to denial of service. A heap-based buffer over-read issue was discovered in the function secmergehashlookup in merge.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31, because bfdaddmergesection mishandles section merges when...

Remote Code Execution (RCE)

opensmtpd:bionic is vulnerable to denial of service DoS. smtpmailaddr in smtpsession.c allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The...

Denial Of Service (DoS)

binutils:bionic is vulnerable to denial of service DoS. An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils. There is a heap-based buffer over-read in bfddoprnt in bfd.c because elfobjectp in elfcode.h mishandles an eshstrndx section of typ...

Buffer Overflow

vlc:bionic is vulnerable to buffer overflow. Due to a flaw, it causes a crash which can possibly be further developed into a remote code execution exploit...

Denial Of Service (DoS)

binutils:bionic is vulnerable to denial of service DoS. The vulnerability exists in the bfdgenericreadminisymbols function of syms.c in the Binary File Descriptor BFD, allowing a malicious user to cause an application crash via a crafted ELF file...

Denial Of Service (DoS)

binutils:bionic is vulnerable to denial of service DoS. It is a stack consumption issue in dcounttemplatesscopes in cp-demangle.c after many recursive calls...

Buffer Overflow

binutils:bionic is vulnerable to buffer overflow. finishstab in stabs.c allows attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump...

USN-4472-1 postgresql-10, postgresql-12, postgresql-9.5 vulnerabilities

Noah Misch discovered that PostgreSQL incorrectly handled the searchpath setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14349 Andres Freund discover...

@bionicmetrics/bionic (>=1.2.0 <=1.3.6), @smoosee/wakemeup (>=1.0.9 <=1.20.0) +8 more potentially affected by CVE-2020-7627 via node-key-sender (>=1.0.11 <=1.0.9)

node-key-sender NPM version =1.0.11, =1.2.0, =1.0.9, =1.5.0, =0.0.1, =1.0.0, =1.0.5, =0.9.0, =1.2.1, =1.1.0, =2.2.0 Source cves: CVE-2020-7627 Source advisory: SNYK:JS-NODEKEYSENDER-564261...

CVE-2019-19797

readcolordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write...

CVE-2019-13107

Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvarstruct.c...

CVE-2019-12865

In radare2 through 3.5.1, cmdmount in libr/core/cmdmount.c has a double free for the ms command...

CVE-2018-11803

Subversion's moddavsvn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation...

CVE-2018-17967

ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c...

Pangu Hackers have Jailbroken iOS 12 on Apple's New iPhone XS

Bad news for Apple. The Chinese hacking team Pangu is back and has once again surprised everyone with a jailbreak for iOS 12 running on the brand-new iPhone XS. Well, that was really fast. Pangu jailbreak team has been quiet for a while, since it last released the untethered jailbreak tool for iO...

Pangu Hackers have Jailbroken iOS 12 on Apple's New iPhone XS

Bad news for Apple. The Chinese hacking team Pangu is back and has once again surprised everyone with a jailbreak for iOS 12 running on the brand-new iPhone XS. Well, that was really fast. Pangu jailbreak team has been quiet for a while, since it last released the untethered jailbreak tool for iO...

CVE-2018-11396

ephy-session.c in libephymain.so in GNOME Web aka Epiphany through 3.28.2.1 allows remote attackers to cause a denial of service application crash via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call...

CVE-2018-7738

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

CVE-2017-18201

An issue was discovered in GNU libcdio before 2.0.0. There is a double free in getcdtextgeneric in lib/driver/cdiogeneric.c...

CVE-2018-6542

In ZZIPlib 0.13.67, there is a bus error when handling a disk64trailer seek value caused by loading of a misaligned address in the zzipdiskfindfirst function of zzip/mmapped.c...