94 matches found

Cvelist
added 2017/03/29 2:0 p.m., 31 views

CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

7.3 AI score, 0.56223 EPSS
Exploits 0, References 6
OSV
added 2017/03/29 12:0 a.m., 1 views

UBUNTU-CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

7.3 CVSS, 6.7 AI score, 0.56223 EPSS
Exploits 0, References 4
0day.today
added 2016/12/23 12:0 a.m., 6683 views

OpenSSH 7.4 - agent Protocol Arbitrary Library Loading Vulnerability

The OpenSSH agent permits its clients to load PKCS11 providers using the commands SSH_AGENTC_ADD_SMARTCARD_KEY and SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED if OpenSSH was compiled with the ENABLE_PKCS11 flag (normally enabled) and the agent isn't locked. For these commands, the client has to specify a provid...

7.5 CVSS, 7.9 AI score, 0.01579 EPSS
Exploits 4
Amazon
added 2016/01/18 12:0 a.m., 36 views

Low: ruby19, ruby20, ruby21, ruby22

Issue Overview: DL::dlopen could open a library with tainted library name even if $SAFE > 0. Affected Packages: ruby19, ruby20, ruby21, ruby22. Issue Correction: Run yum update ruby19 or yum update --advisory ALAS-2016-632 to update your system. Run yum update ruby20 or yum update --advisory...

8.4 CVSS, 8.1 AI score, 0.00234 EPSS
Exploits 0
OSV
added 2015/09/08 3:59 p.m., 1 views

DEBIAN-CVE-2015-5199

Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable...

7.2 CVSS, 6.9 AI score, 0.00049 EPSS
Exploits 0, References 1
NVD
added 2015/09/08 3:59 p.m., 18 views

CVE-2015-5199

Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable...

7.2 CVSS, 6.2 AI score, 0.00049 EPSS
Exploits 0, References 9
Tenable Nessus
added 2015/08/27 12:0 a.m., 28 views

Debian DLA-300-1 : ruby1.9.1 security update

'sheepman' fixed a vulnerability in Ruby 1.9.1: DL::dlopen could open a library with tainted name even if $SAFE > 0. For Debian 6 'Squeeze', this issue has been fixed in ruby1.9.1 1.9.2.0-2+deb6u7. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA...

7.5 CVSS, 6.7 AI score, 0.56223 EPSS
Exploits 0, References 3
Tenable Nessus
added 2015/08/27 12:0 a.m., 31 views

Debian DLA-299-1 : ruby1.8 security update

'sheepman' fixed a vulnerability in Ruby 1.8: DL::dlopen could open a library with tainted name even if $SAFE > 0. For Debian 6 'Squeeze', this issue has been fixed in ruby1.8 1.8.7.302-2squeeze5. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA...

7.5 CVSS, 6.7 AI score, 0.56223 EPSS
Exploits 0, References 3
exploitpack
added 2015/02/11 12:56 p.m., 12 views

Userhelper-PAM-Path-Vulnerability

synopsis: both 'pam' and 'userhelper' (a setuid binary that comes with the 'usermode-1.15' rpm) follow .. paths. Since pam_start calls down to _pam_add_handler, we can get it to dlopen any file on disk. 'userhelper' being setuid means we can get root...

1.9 AI score
Exploits 0
Tenable Nessus
added 2015/01/08 12:0 a.m., 31 views

RHEL 6 : glibc (RHSA-2015:0016)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0016 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the Name Serv...

5 CVSS, 8.3 AI score, 0.07187 EPSS
Exploits 1, References 7
Tenable Nessus
added 2015/01/08 12:0 a.m., 29 views

Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20150107)

An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. (CVE-2014-6040) It was found that the...

5 CVSS, 8.1 AI score, 0.07187 EPSS
Exploits 1, References 3
Tenable Nessus
added 2015/01/08 12:0 a.m., 44 views

CentOS 6 : glibc (CESA-2015:0016)

Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

5 CVSS, 8.2 AI score, 0.07187 EPSS
Exploits 1, References 3
RedHat Linux
added 2015/01/07 5:17 p.m., 32 views

Moderate: Red Hat Security Advisory: glibc security and bug fix update

Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

5 CVSS, 7.2 AI score, 0.07187 EPSS
Exploits 1, References 3
Oracle linux
added 2015/01/07 12:0 a.m., 45 views

glibc security and bug fix update

2.12-1.149.4 - Fix recursive dlopen 1173469. 2.12-1.149.3 - Fix typo in res_send and res_query rh1172023. 2.12-1.149.2 - Fix crashes on invalid input in IBM gconv modules CVE-2014-6040, 1139571. 2.12-1.149.1 - Fix wordexp to honour WRDE_NOCMD CVE-2014-7817, 1170121...

5 CVSS, 0.8 AI score, 0.07187 EPSS
Exploits 1
Tenable Nessus
added 2014/11/26 12:0 a.m., 35 views

OracleVM 3.3 : glibc (OVMSA-2014-0033)

The remote OracleVM system is missing necessary patches to address critical security updates: - Remove gconv transliteration loadable modules support CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names CVE-2014-0475, - Switch gettimeofday from INTUSE to libc_hidden_proto 109902...

7.5 CVSS, 7.8 AI score, 0.21511 EPSS
Exploits 7, References 5
seebug.org
added 2014/07/01 12:0 a.m., 23 views

PHP 4.x DLOpen Memory Disclosure Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/8405/info A vulnerability has been reported to present itself in the dlopen function contained in the PHP source. The issue occurs when PHP is used in conjunction with the Apache web server. A local attacker may exploit...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 12 views

Progress Database 9.1 Environment Variable Local Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7916/info It has been reported that Progress database does not properly handle untrusted input when opening shared libraries. Specifically, the dlopen function used by several Progress utilities checks the user's PATH...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 22 views

PHP 4.x DLOpen Memory Disclosure Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/8405/info A vulnerability has been reported to present itself in the dlopen function contained in the PHP source. The issue occurs when PHP is used in conjunction with the Apache web server. A local attacker may exploit...

7.1 AI score
Exploits 0
OpenVAS
added 2010/12/02 12:0 a.m., 14 views

Fedora Update for libHX FEDORA-2010-12950

Check for the Version of libHX OpenVAS Vulnerability Test Fedora Update for libHX FEDORA-2010-12950 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

10 CVSS, 0.09197 EPSS
Exploits 0, References 2
Fedora
added 2010/10/28 10:20 p.m., 21 views

[SECURITY] Fedora 14 Update: libHX-3.6-1.fc14

A library for: - rbtree with key-value pair extension - deques double-ended queues Stacks LIFO / Queues FIFOs - platform independent opendir-style directory access - platform independent dlopen-style shared library access - auto-storage strings with direct access - command line option argv parser...

10 CVSS, 3.1 AI score, 0.09197 EPSS
Exploits 0