Red Hat Enterprise Linux 代码问题漏洞

Red Hat Enterprise Linux is a Linux operating system for enterprise users developed by Red Hat, Inc. Red Hat Enterprise Linux 10 contains a code vulnerability that allows local attackers to cause denial-of-service attacks by tricking users into processing specially crafted ELF files. This...

PT-2025-22384

Name of the Vulnerable Software and Affected Versions Valvesoftware Steam Client version 1738026274 Description The issue allows attackers to escalate privileges via a crafted executable or DLL. This can be achieved by manipulating a specifically crafted executable or DLL, which enables the...

There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables

...

SUSE CVE-2022-48064

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfddwarf2findnearestlinewithalt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack...

UBUNTU-CVE-2023-36377

Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files...

UBUNTU-CVE-2019-16718

In radare2 before 3.9.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and...

UBUNTU-CVE-2019-14745

In radare2 before 3.7.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...

PT-2019-13812 · Radare2 +1 · Radare2 +1

Name of the Vulnerable Software and Affected Versions: radare2 versions prior to 3.7.0 Description: A command injection issue exists due to improper handling of symbol names embedded in executables. This allows for the execution of arbitrary shell commands with the permissions of the victim by...

DEBIAN-CVE-2019-1010023

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstrea...

CVE-2019-10167

The virConnectGetDomainCapabilities libvirt API accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument,...

DEBIAN-CVE-2017-14930

Memory leak in decodelineinfo in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service memory consumption via a crafted ELF file...

DEBIAN-CVE-2016-2226

Integer overflow in the stringappends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow...