15 matches found
EUVD-2021-30450
Malicious code in bioql PyPI...
CVE-2021-43521
A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c...
CVE-2021-43521
A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c...
zlog buffer error vulnerability
zlog is a reliable, high-performance, thread-safe, flexible, clear-model pure C logging library from Hardy Simpson, an individual developer in China. A buffer overflow vulnerability exists in zlog version 1.2.15, which stems from a buffer overflow in zlog_conf_build_with_file in src/zlog/src/conf.c. The...
[SECURITY] [DLA 2246-1] xawtv security update
Package: xawtv Version: 3.103-3+deb8u1 CVE ID: CVE-2020-13696 Debian Bug: 962221 An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem...
CVE-2020-13696
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to...
CVE-2019-18182
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted databa...
CVE-2019-18182
The CVE-2019-18182 entry concerns pacman before 5.2. The vulnerability is a command-injection in download_with_xfercommand() in conf.c, exploitable when unsigned databases are used and a non-default XferCommand is enabled, with attacker-controlled database data. Impact is arbitrary command execut...
CVE-2019-18182
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted databa...
CVE-2019-18182
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted databa...
Code injection
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program...
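Tinyproxy 'conf.c' integer overflow security bypass vulnerability
Bugtraq ID: 47715 CVE ID: CVE-2011-1499 Tinyproxy is a small, GPL-licensed HTTP/SSL proxy program. Tinyproxy has an error in its subnet mask generation: when the configuration allows a network segment, such as "Allow 192.168.0.0/24", as opposed to the default "Allow 127.0.0.1", any IP address is allowed to connect, turning it into an open proxy. This happens if the configuration uses one or more Allow statements that specify IP ranges. Banu Systems Private Limited Tinyproxy 1.8.2 Vendor solution: Tinyproxy 1.8.3 has fixed this vulnerability; users are advised to download and use it...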
CVE-2011-1843
Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers...
CVE-2011-1843
Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers...
CVE-2002-1279
CVE-2002-1279 is a local privilege escalation in Masqmail. Multiple buffer overflows in Masqmail’s conf.c affect Masqmail 0.1.x (before 0.1.17) and 0.2.x (before 0.2.15). Exploitation via specific entries in the configuration file (-C) can grant elevated rights to local users. Debian advisories c...