SUSE CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

Malicious code in uv-dlopen (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0afbc0eba79fdaa42ddcd71625c3238da6669e940a2a28b5515c91c3f423bda Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

glibc security, bug fix, and enhancement update

2.28-101.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...

Fedora 31 : glibc (2020-1a3bdfde17)

This update fixes a minor security vulnerability LDPREFERMAP32BITEXEC not ignored in setuid binaries and addresses are long-standing bug where missing shared objects could cause crashes due to incorrectly handled dlopen failures RHBZ1395758. The latter fix also causes lazy binding failures in ELF...

openSUSE Security Update : ffmpeg-4 (openSUSE-2020-24)

This update for ffmpeg-4 fixes the following issues : ffmpeg-4 was updated to version 4.0.5, fixes boo1133153 - CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 allowed remote attackers to cause a denial of service out-of-array access or possibly have...

CVE-2019-19520

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGLDRIVERSPATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...

Design/Logic Flaw

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGLDRIVERSPATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...

OpenBSD has an unspecified vulnerability (CNVD-2019-44735)

OpenBSD is a cross-platform, BSD-based UNIX-like operating system from the Canadian OpenBSD project team. A security vulnerability exists in xlock in OpenBSD version 6.6, which stems from the xenocara/lib/mesa/src/loader/loader.c file not handling dlopen correctly.A local attacker can exploit thi...

CVE-2019-19520

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGLDRIVERSPATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...

MariaDB: Path traversal in command line client

The command line client has a directory traversal bug which allows server chosen files to be dlopened when it connects to a malicious server. The path can also be padded with / characters so that strxnmov drops the .so extension. The dlopen call is performed here: Impact In rare situations where...

Denial Of Service (DoS)

tcmu-runner is vulnerable to NULL pointer dereference. The vulnerability exists in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call the UnregisterHandler method with the name of a handler loaded internally in...

Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp

Posted by Natalie Silvanovich, Project Zero WhatsApp is another application that supports video conferencing that does not use WebRTC as its core implementation. Instead, it uses PJSIP, which contains some WebRTC code, but also contains a substantial amount of other code, and predates the WebRTC...

ruby: dlopen could open a library with tainted library name

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...

ruby: dlopen could open a library with tainted library name

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

USN-3365-1 ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities

It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. CVE-2009-5147 Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenS...

Ghost to reproduce: part of the WiMAX routing device to authenticate the existence of the bypass and back door vulnerability-vulnerability warning-the black bar safety net

The SEC's security personnel in some of the WiMAX router on found a vulnerability, this vulnerability allows an attacker to change the router administrator password, and then get on the vulnerabilities of the device control. Worse, if an attacker took control of these contains a vulnerability in...

HPE Intelligent Management Center (iMC) 7.2 (E0403P10) - Code Execution

HPE Intelligent Management Center iMC 7.2 E0403P10 - Code Execution Vulnerability Summary The following advisory describes a Stack Buffer Overflow vulnerability found in HPE Intelligent Management Center version v7.2 E0403P10 Enterprise, this vulnerability leads to an exploitable remote code...

Design/Logic Flaw

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

UBUNTU-CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...